svn commit: r503577 - head/security/vuxml
Vsevolod Stakhov
vsevolod at FreeBSD.org
Thu Jun 6 12:26:55 UTC 2019
Author: vsevolod
Date: Thu Jun 6 12:26:54 2019
New Revision: 503577
URL: https://svnweb.freebsd.org/changeset/ports/503577
Log:
Document Exim RCE CVE-2019-10149
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jun 6 12:15:42 2019 (r503576)
+++ head/security/vuxml/vuln.xml Thu Jun 6 12:26:54 2019 (r503577)
@@ -58,6 +58,46 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="45bea6b5-8855-11e9-8d41-97657151f8c2">
+ <topic>Exim -- RCE in deliver_message() function</topic>
+ <affects>
+ <package>
+ <name>exim</name>
+ <range><ge>4.87</ge><lt>4.92</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Exim team and Qualys report:</p>
+ <blockquote cite="https://www.exim.org/static/doc/security/CVE-2019-10149.txt">
+ <p>
+ We received a report of a possible remote exploit. Currently there is no evidence of an active use of this exploit.
+ </p>
+ <p>
+ A patch exists already, is being tested, and backported to all
+ versions we released since (and including) 4.87.
+ </p>
+ <p>
+ The severity depends on your configuration. It depends on how close to
+ the standard configuration your Exim runtime configuration is. The
+ closer the better.
+ </p>
+ <p>
+ Exim 4.92 is not vulnerable.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2019-10149</cvename>
+ <url>https://www.exim.org/static/doc/security/CVE-2019-10149.txt</url>
+ </references>
+ <dates>
+ <discovery>2019-05-27</discovery>
+ <entry>2019-06-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ffc73e87-87f0-11e9-ad56-fcaa147e860e">
<topic>Django -- AdminURLFieldWidget XSS</topic>
<affects>
More information about the svn-ports-head
mailing list