Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZRqyHsEDQ2YQNy8A@jumper.schlittermann.de>
Date: Mon, 2 Oct 2023 14:05:50 +0200
From: Heiko Schlittermann <hs@...marc.schlittermann.de>
To: oss-security@...ts.openwall.com
Subject: Re: Exim4 MTA CVEs assigned from ZDI

Dear Exim Users,

we released the available fixes for the issues mentioned in the recent
CVEs. We're very sorry for any inconvenience.

See this link for a summary: https://exim.org/static/doc/security/CVE-2023-zdi.txt

Distribution points:
--------------------
- git://git.exim.org
  branches:
  - spa-auth-fixes (based on the current master) [commit IDs: 7bb5bc2c6 0519dcfb5 e17b8b0f1 04107e98d]
  - exim-4.96+security (based on exim-4.96) [gpg signed]
  - exim-4.96.1+fixes (based on exim-4.96.1 with the fixes from exim-4.96+fixes) [gpg signed]
  tags:
  - exim-4.96.1 [gpg signed]

- tarballs for exim-4.96.1: https://ftp.exim.org/pub/exim/exim4/ [gpg signed]

GPG signatures are made by me (hs@...littermann.de, or Jeremy Harris
jgh@...mail.org).

For cross-verification the SHAX sums follow:
SHA256 (exim-4.96.1.tar.bz2) = 26bbcd4f45483c7138912b4bd31022aee8abf8ac7cdff55839d7e2a9e4c60692
SHA256 (exim-4.96.1.tar.gz) = 6d06845e07c699e7dabbe1ca1edf23fe8b17083dc9fe0736f0b4a90351ac708e
SHA256 (exim-4.96.1.tar.xz) = 93ac0755c317e1fdbbea8ccb70a868876bdf3148692891c72ad0fe816767033d
SHA256 (exim-html-4.96.1.tar.bz2) = 42084c0fe3cc430eccd598beb5dff3c7742926a4a6c92d44d6836480757e1b72
SHA256 (exim-html-4.96.1.tar.gz) = 9c2d7de709def8e44b200db74b59777e6fdf2811718ff3f3ba75f1e006812e6a
SHA256 (exim-html-4.96.1.tar.xz) = 745d73e6d17fddbd0c92e55ab134ba691363ee583604038bc2fd551c70acbc6c
SHA256 (exim-pdf-4.96.1.tar.bz2) = 89b532da12560d4c3dbcada1c96d07ca0b7ae21af61c3798eada715acf081ae7
SHA256 (exim-pdf-4.96.1.tar.gz) = b4b1d6f32ea04e44370b5de38e961c2d16580b089839bb1e1416e95be05bfd0e
SHA256 (exim-pdf-4.96.1.tar.xz) = 510c793e6b4122fa2312eaa697d90d8be4b5f8480977c3babdb35d5c1e8cfe79
SHA256 (exim-postscript-4.96.1.tar.bz2) = 7369e423b4f5b6557483da7cbd290010fdffa4ade3afa0262a47416841d47bc9
SHA256 (exim-postscript-4.96.1.tar.gz) = 3ec107687f6799f8798edecb10cc4ce45cc74aec8ed2356a87754b12a1c43782
SHA256 (exim-postscript-4.96.1.tar.xz) = e6332d2a26cd68223d8e73180b95f63f92dc781090dccb22af2c8f1991592824
SHA512 (exim-4.96.1.tar.bz2) = 2475437b48a266b2e453808a01320fe4df499bb9e3e7d41b6283f369cfa72602a02baa9a1bcdc630987a35da9db47e09fa682dca31748f07f8bde8403d636a22
SHA512 (exim-4.96.1.tar.gz) = 3c2d387686e0b1b4d4e06718eebb5a53b6944dd818abf3f7a7d3cd1898557dac302708f5f9e2a09223cf7cb8d34b0234c1763eab9b2182fd1d9593012add02d9
SHA512 (exim-4.96.1.tar.xz) = ef1a0e57c59cdf4e915b3ac5dcdbc69f565b14dd92b0527f6796b2c46a9ec34f991f9790fb4171c99417f7e482cdd62d77e780cc71fab227c8bed876103f7fdd
SHA512 (exim-html-4.96.1.tar.bz2) = 56fe39f66e238100e0ca62f19f08703176471cfccdb9c95368fd219f043c96da9da512418e10224514461302e1f25af0254bf810081c8b6edfe676196ffbb743
SHA512 (exim-html-4.96.1.tar.gz) = 36fea45df417e87ee7d5676ca5347d7e28cb5db70d583cf7471108a9b6fbedfdaa34793063f577dccdd9e62a8617380cb89f5f4d1891a4d05105d78655b7e588
SHA512 (exim-html-4.96.1.tar.xz) = 5519bf2056c8b4018a2e3a2d9afca0e0b1978990d3789be421d097bcae000d2d38205cd61e67bd83c27036376613c6ba69c993b6567adf3b57fdd642e9db1cc8
SHA512 (exim-pdf-4.96.1.tar.bz2) = aefc9b6fe83c6cd74d87e7c4c448957f7bf76ec9fb94ff1620512906e84ddfae4f9445247b228d2231c6faf71e35ae0a2bf0cdcfb453bc62295694e22c597d09
SHA512 (exim-pdf-4.96.1.tar.gz) = 3f7ab2a405ebe5c2b027039dc23864bced07f757f4bda2e283b938e9786aa18c70f167990c38e85bb5cc55b433bb470ed7acb04d5a9a732eab5dffe28d07e1ee
SHA512 (exim-pdf-4.96.1.tar.xz) = d39ee2f9a05326809a6e8454a108d717838dacfa42c2cade72f5937b1b44d70e70152fa75f4b4e9548cd4198d54f8a8c1323e14d7d1f9a0a23c99a53db1001b0
SHA512 (exim-postscript-4.96.1.tar.bz2) = 83b4f3d686d62e18da90b25d5ed2ab2ca5ff709ea16887f35a0e45dcf0ba139c02f5171008ae26879dd598a0f9d25bdc5851066375006d0a004b6a36d0ee957e
SHA512 (exim-postscript-4.96.1.tar.gz) = dceb5f9350dbba42c4fcffb03248f7d3951d3cb8bba759b8e3d4e3cd69651ea5db0b8a692b93e2be2958ad01865efbf2dd29b5ace72058ceb2aabc17451b6834
SHA512 (exim-postscript-4.96.1.tar.xz) = 788fc9c48955ef6eb497f64bdcc75812acebe144fcb5a8b773f5a03ced66be4842f8b3e9572e0dc5d625e0de4274cefa13ae708bb8edf9ee883795271d77db82

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.