[3.9] exim: Remote command execution in deliver_message() function in /src/deliver.c (CVE-2019-10149) (#10541) · Issues · alpine / aports

[3.9] exim: Remote command execution in deliver_message() function in /src/deliver.c (CVE-2019-10149)

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in
deliver_message() function in /src/deliver.c may lead to remote command execution.

Fixed In Version:

exim 4.92

References:

https://www.openwall.com/lists/oss-security/2019/06/04/1
https://exim.org/static/doc/security/CVE-2019-10149.txt

(from redmine: issue id 10541, created on 2019-06-06, closed on 2019-06-12)

Changesets:
- Revision 65097c9c by Mike Sullivan on 2019-06-10T15:37:56Z:

community/exim: fix broken link with upgrade to 4.92

fixes #10541 (CVE-2019-10149)

(cherry picked from commit a6e92b2adbed5e2905258a37f8b1980700612929)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information