Opened Jun 06, 2019 by Alicha CH (@alicha), Reporter

[3.9] exim: Remote command execution in deliver_message() function in /src/deliver.c (CVE-2019-10149)

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in
deliver_message() function in /src/deliver.c may lead to remote command execution.

Fixed In Version:

exim 4.92

References:

https://www.openwall.com/lists/oss-security/2019/06/04/1
https://exim.org/static/doc/security/CVE-2019-10149.txt

(from redmine: issue id 10541, created on 2019-06-06, closed on 2019-06-12)

  • Changesets:
    • Revision 65097c9c by Mike Sullivan on 2019-06-10T15:37:56Z:
      community/exim: fix broken link with upgrade to 4.92

      fixes #10541 (CVE-2019-10149)

      (cherry picked from commit a6e92b2adbed5e2905258a37f8b1980700612929)

Milestone: 3.9.5
Reference: alpine/aports#10541