The remote code execution (CVE-2010-4344) affected 4.69 and earlier (Ubuntu 9.10 and earlier). This was fixed last week in http://www.ubuntu.com/usn/usn-1032-1. The privilege escalation issue (CVE-2010-4345) affects all releases but has not been fixed yet since upstream hasn't decided on the best way to fix it. The exploit in the wild would exploit CVE-2010-4344 to execute arbitrary code and then use the vulnerability in CVE-2010-4345 to escalate to root. By fixing CVE-2010-4344, the remote attack vector is closed. A fix for CVE-2010-4345 will be provided when one becomes available.
** Changed in: exim4 (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: exim4 (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: exim4 (Ubuntu)
   Importance: Undecided => High

** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4345

https://bugs.launchpad.net/bugs/688672

Title:
  remote code execution as per DSA-2131-1