Bug 2241455

Summary: Multiple security vulnerabilities in Exim: CVE-2023-42114, CVE 2023-42115, CVE-2023-42116
Product: [Fedora] Fedora Reporter: Felix Schwarz <fschwarz>
Component: eximAssignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: rawhideCC: bennie.joubert, dwmw2, jskarvad, martin.fraenzl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-10-02 12:40:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Felix Schwarz 2023-09-30 04:19:35 UTC 
According to Exim upstream, there are multiple security issues in the current Exim code with fixes being available for distribution maintainers:

https://www.openwall.com/lists/oss-security/2023/09/29/5

Probably you are aware of the issue but just in case: Anything I can do to help getting the fixes out for Fedora+EPEL?

Reproducible: Always
Comment 1 Jaroslav Škarvada 2023-10-02 12:40:03 UTC 
I will handle it.

We have individual security trackers:
https://bugzilla.redhat.com/show_bug.cgi?id=2241538
https://bugzilla.redhat.com/show_bug.cgi?id=2241525
https://bugzilla.redhat.com/show_bug.cgi?id=2241528
https://bugzilla.redhat.com/show_bug.cgi?id=2241531
https://bugzilla.redhat.com/show_bug.cgi?id=2241535
https://bugzilla.redhat.com/show_bug.cgi?id=2241542

Thus I am closing this report and will handle it in the individual trackers.

*** This bug has been marked as a duplicate of bug 2241538 ***
Comment 2 Jaroslav Škarvada 2023-10-02 12:51:44 UTC 
I cannot handle https://bugzilla.redhat.com/show_bug.cgi?id=2241535, it's libspf2, but I will handle the rest.