** Changed in: exim4 (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
To manage
** Branch linked: lp:ubuntu/exim4
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
--
Ubuntu-server-bugs mailing list
Ubuntu-s
This bug was fixed in the package exim4 - 4.76-1ubuntu1
---
exim4 (4.76-1ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes (LP: #779391):
- debian/control: Don't declare a Provides: default-mta; in Ubuntu,
we want postfix to be the default.
ex
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@li
** Branch linked: lp:ubuntu/maverick-security/exim4
** Branch linked: lp:ubuntu/natty-security/exim4
** Branch linked: lp:ubuntu/lucid-security/exim4
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launch
This bug was fixed in the package exim4 - 4.71-3ubuntu1.2
---
exim4 (4.71-3ubuntu1.2) lucid-security; urgency=low
* SECURITY UPDATE: format string vulnerability (LP: #779391)
- debian/patches/85_CVE-2011-1764.patch: patch from upstream
- CVE-2011-1764
-- Felix GeyerSun,
This bug was fixed in the package exim4 - 4.72-1ubuntu1.2
---
exim4 (4.72-1ubuntu1.2) maverick-security; urgency=low
* SECURITY UPDATE: format string vulnerability (LP: #779391)
- debian/patches/85_CVE-2011-1764.patch: patch from upstream
- CVE-2011-1764
-- Kees CookMon
This bug was fixed in the package exim4 - 4.74-1ubuntu1.1
---
exim4 (4.74-1ubuntu1.1) natty-security; urgency=low
* SECURITY UPDATE: format string vulnerability (LP: #779391)
- debian/patches/85_CVE-2011-1764.patch: patch from upstream
- CVE-2011-1764
-- Felix GeyerSun,
Er, nevermind, DKIM was added after Hardy.
** Also affects: exim4 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: exim4 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: exim4 (Ubuntu Natty)
Importance: Undecided
Status: New
**
AAaargh. Who reimplements sprintf!? I am working on hardy and dapper
now. Will have this uploaded shortly. Thanks for double-checking and
getting the Lucid and Oneiric patches ready!
At least full ASLR (PIE[1]) is in place in Lucid and later, so
exploiting this is difficult, but not impossible.
[
Kees, are you sure about compiler flags helping? Exim's string_vformat
is a separate builtin implementation.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764
Just as a note, due to Ubuntu's default compiler flags[1], this
vulnerability is "only" a denial-of-service and does not seem to result
in arbitrary code execution.
[1] https://wiki.ubuntu.com/CompilerFlags
--
You received this bug notification because you are a member of Ubuntu
Server Team, whi
debdiff for lucid
** Patch added: "exim4_4.71-3ubuntu1.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/779391/+attachment/2119726/+files/exim4_4.71-3ubuntu1.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Fix for oneiric by merging 4.75-3 from Debian.
** Patch added: "exim4_4.75-3ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/779391/+attachment/2119702/+files/exim4_4.75-3ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team
Affects lucid - oneiric (exim4 >= 4.70).
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
--
Ubuntu-server-bugs mailing list
U
** Changed in: exim
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
--
Ubuntu-server-b
** Changed in: exim4 (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
--
Ubuntu-server-
** Bug watch added: Debian Bug tracker #624670
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670
** Also affects: exim4 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670
Importance: Unknown
Status: Unknown
** Bug watch added: bugs.exim.org/ #1106
http:/
18 matches
Mail list logo
