GNU bug report logs - #66304
exim vulnerable to CVE-2023-42115 et al

Package: guix

Reported by: Wilko Meyer <w <at> wmeyer.eu>

Date: Mon, 2 Oct 2023 10:48:01 UTC

Severity: normal

Tags: security

Done: John Kehayias <john.kehayias <at> protonmail.com>

Bug is archived. No further changes may be made.

From: Wilko Meyer <w <at> wmeyer.eu>
To: 66304 <at> debbugs.gnu.org
Subject: bug#66304: exim vulnerable to CVE-2023-42115 et al
Date: Mon, 02 Oct 2023 12:35:20 +0200

Hi Guix,

Exim currently has unpatched vulnerabilities regarding its EXTERNAL
Auth driver as well as its SPA/NTLM authenticator.

According to the project[0], prospective fixes seem to be around the
corner. We should probably bump the Exim version we ship to a
non-vulnerable version as soon as one is available.

[0]: https://www.exim.org/static/doc/security/CVE-2023-zdi.txt

-- 
Kind regards,

Wilko Meyer
w <at> wmeyer.eu




This bug report was last modified 1 year and 232 days ago.
