Date: Sun, 26 Nov 2017 15:37:49 -0500
From: Leo Famulari <>
Subject: Re: RCE in Exim reported

On Sat, Nov 25, 2017 at 06:50:31PM -0500, Phil Pennock wrote:
> :
>   Use-after-free remote-code-execution
>   CVE-2017-16943
> :
>   stack-exhaustion remote DoS
>   CVE-2017-16944
> Fix for the former has been confirmed by the reporter and is in git.
> The `exim-4_89+fixes` branch used by various OS packagers for major
> bug-fixes on top of the 4.89 release has the UAF fix backported.  Work
> on the DoS is under way.

FYI, clicking on the commits from this page just gives the error

400 - Invalid hash parameter

But the commit in question can be viewed here:
