Bug 2241484

Summary: Multiple security vulnerabilities in Exim: CVE-2023-42114, CVE-2023-42115, CVE-2023-42116
Product: [Fedora] Fedora EPEL Reporter: Ruben Püttmann <ruben>
Component: exim Assignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: epel7 CC: bennie.joubert, dwmw2, jskarvad, martin.fraenzl
Last Closed: 2024-07-09 04:26:29 UTC Type: Bug

Description Ruben Püttmann 2023-09-30 11:47:48 UTC
According to Exim upstream, there are multiple security issues in the current Exim code with fixes being available for distribution maintainers:

https://www.openwall.com/lists/oss-security/2023/09/29/5

Probably you are aware of the issue but just in case: Anything I can do to help get the fixes out for Fedora+EPEL?

Reproducible: Always

Comment 1 Ruben Püttmann 2023-10-02 15:34:45 UTC
Additional information:

https://www.exim.org/static/doc/security/CVE-2023-zdi.txt

Comment 2 Troy Dawson 2024-07-09 04:26:29 UTC
EPEL 7 entered end-of-life (EOL) status on 2024-06-30.

EPEL 7 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.