summaryrefslogtreecommitdiff
path: root/devel/libsmi
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2014-05-29 09:27:37 +0000
committeradam <adam@pkgsrc.org>2014-05-29 09:27:37 +0000
commit73b9463764e31d7c42370243732e74dd4caee837 (patch)
treef27374be3da215ed9929f2054fc10e7b8a3824b6 /devel/libsmi
parent0ac8e1724a4ab184b6fd17d9b81425d41782c13e (diff)
downloadpkgsrc-73b9463764e31d7c42370243732e74dd4caee837.tar.gz
Changes 4.82.1:
This is a SECURITY release, addressing a CRITICAL remote code execution flaw in Exim version 4.82 (only) when built with DMARC support (an experimental feature, not on by default). This release is identical to 4.82 except for the small change needed to plug the security hole. The next release of Exim will, eventually, be 4.83, which will include the many improvements we've made since 4.82, but which will require the normal release candidate baking process before release. You are not vulnerable unless you built Exim with EXPERIMENTAL_DMARC. This issue is known by the CVE ID of CVE-2014-2957, was reported directly to the Exim development team by a company which uses Exim for its mail server. An Exim developer constructed a small patch which altered the way the contents of the From header is parsed by converting it to use safer and better internal functions. It was applied and tested on a production server for correctness. We were notified of the vulnerability Friday night, created a patch on Saturday, applied and tested it on Sunday, notified OS packagers on Monday/Tuesday, and are releasing on the next available work day, which is Wednesday. This is why we have made the smallest feasible changes to prevent exploit: we want this chagne to be as safe as possible to expedite into production (if the packages were built with DMARC).
Diffstat (limited to 'devel/libsmi')
0 files changed, 0 insertions, 0 deletions