[3.9] exim: Remote command execution in deliver_message() function in /src/deliver.c (CVE-2019-10149) (#10541) · Issues · alpine / aports

[3.9] exim: Remote command execution in deliver_message() function in /src/deliver.c (CVE-2019-10149)

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in
deliver_message() function in /src/deliver.c may lead to remote command execution.

Fixed In Version:

exim 4.92

References:

https://www.openwall.com/lists/oss-security/2019/06/04/1
https://exim.org/static/doc/security/CVE-2019-10149.txt

(from redmine: issue id 10541, created on 2019-06-06, closed on 2019-06-12)

Changesets:
- Revision 65097c9c by Mike Sullivan on 2019-06-10T15:37:56Z:

community/exim: fix broken link with upgrade to 4.92

fixes #10541 (CVE-2019-10149)

(cherry picked from commit a6e92b2adbed5e2905258a37f8b1980700612929)

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.