Bug 1544567

Summary: CVE-2018-6789
Product: [Fedora] Fedora EPEL
Component: exim
Version: epel7
Hardware: All
OS: All
Status: CLOSED DUPLICATE
Severity: urgent
Priority: unspecified
Reporter: Ruben Püttmann <ruben>
Assignee: Jaroslav Škarvada <jskarvad>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: bennie.joubert, dwmw2, jskarvad, tremble
Type: Bug
Last Closed: 2018-02-13 13:57:07 UTC

Description Ruben Püttmann 2018-02-12 22:12:14 UTC
We released Exim 4.90.1 just now.
---------------------------------

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.

Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang <meh> via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko)
             CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
             mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for
             distro maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to our official git repo.

Comment 1 Jaroslav Škarvada 2018-02-13 13:52:01 UTC
Thanks for info.

Comment 2 Jaroslav Škarvada 2018-02-13 13:57:07 UTC
I am closing this as a dupe of bug 1543269.

*** This bug has been marked as a duplicate of bug 1543269 ***