author | rea <rea@FreeBSD.org> | 2012-10-26 16:46:40 +0800 |
---|---|---|
committer | rea <rea@FreeBSD.org> | 2012-10-26 16:46:40 +0800 |
commit | d9832644b010da67b341a0e03bfcda6d896d6728 (patch) | |
tree | d1448202051c1ce125ee5ee4629f21572ea0ac50 /security | |
parent | 9210541771d93f213e260b0a8147781229380d65 (diff) | |
mail/exim: upgrade to 4.80.1
This is a bugfix-only release; it eliminates remote code execution
in the DKIM code.
Security: http://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html
QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
Feature safe: yes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0ed09df3ba1c..92822ebbb921 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,45 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b0f3ab1f-1f3b-11e2-8fe9-0022156e8794"> + <topic>Exim -- remote code execution</topic> + <affects> + <package> + <name>exim</name> + <range><ge>4.70</ge><lt>4.80.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>This vulnerability affects Exim instances built with DKIM + enabled (this is the default for FreeBSD Exim port) and running + verification of DKIM signatures on the incoming mail + messages.</p> + <p>Phil Penncock reports:</p> + <blockquote cite="https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html"> + <p>This is a SECURITY release, addressing a CRITICAL remote + code execution flaw in versions of Exim between 4.70 and + 4.80 inclusive, when built with DKIM support (the default).</p> + <p>This security vulnerability can be exploited by anyone + who can send email from a domain for which they control the + DNS.</p> + <p>You are not vulnerable if you built Exim with DISABLE_DKIM + or if you put this at the start of an ACL plumbed into + acl_smtp_connect or acl_smtp_rcpt:</p> + <pre>warn control = dkim_disable_verify</pre> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-5671</cvename> + <url>https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html</url> + </references> + <dates> + <discovery>2012-10-25</discovery> + <entry>2012-10-26</entry> + </dates> + </vuln> + <vuln vid="5f326d75-1db9-11e2-bc8f-d0df9acfd7e5"> <topic>django -- multiple vulnerabilities</topic> <affects> |
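Review bot: the attribution line `<p>Phil Penncock reports:</p>` in the new exim entry misspells the surname; the Exim developer is Phil Pennock, so the line should read `<p>Phil Pennock reports:</p>`. The `<topic>` could also name the affected component, as the commit message and the first description paragraph do (DKIM signature verification), so that the entry is distinguishable from other Exim remote code execution entries in listings. The `<range><ge>4.70</ge><lt>4.80.1</lt></range>` bounds agree with the quoted "between 4.70 and 4.80 inclusive", so no change is needed there.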