1544567 – CVE-2018-6789

Bug 1544567 - CVE-2018-6789

Summary: CVE-2018-6789

Keywords:
Status:	CLOSED DUPLICATE of bug 1543269
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	exim
Sub Component:
Version:	epel7
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Jaroslav Škarvada
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-02-12 22:12 UTC by Ruben Püttmann
Modified:	2018-02-13 13:57 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-13 13:57:07 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Ruben Püttmann 2018-02-12 22:12:14 UTC

We released Exim 4.90.1 just now.
---------------------------------

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.

Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang <meh> via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko)
             CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
             mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for
             distro maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to the our official git repo.

Comment 1 Jaroslav Škarvada 2018-02-13 13:52:01 UTC

Thanks for info.

Comment 2 Jaroslav Škarvada 2018-02-13 13:57:07 UTC

I am closing this as a dupe of bug 1543269.

*** This bug has been marked as a duplicate of bug 1543269 ***

Note You need to log in before you can comment on or make changes to this bug.