[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yu+WyB/EKZ9m2hO2@bamboo.spacehopper.org>
Date: Sun, 7 Aug 2022 11:41:12 +0100
From: Stuart Henderson <sthen@...nbsd.org>
To: oss-security@...ts.openwall.com
Subject: Re: Exim < 4.95 heap overflow
On 2022/08/06 22:46, Evgeny Legerov wrote:
> Hi,
>
>
> Here is another bug which has been silently fixed in Exim.
>
> It has not been recognized as a security issue, many distros still don't
> have this patch.
>
> Original report + patch is here -
> https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743
>
> Analysis of the bug - https://github.com/ivd38/exim_overflow
>
> I don't post here because it is huge snippet of code.
As a reader, I would much rather have a self-contained list post with a huge
snippet of code, than a link to an external source. But in this case it isn't
huge at all; the entire contents of https://github.com/ivd38/exim_overflow
(README.md, exim.conf, asan.log) are certainly short enough for a list post.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
