
Bug 1544567

Summary: CVE-2018-6789
Product: [Fedora] Fedora EPEL
Reporter: Ruben Püttmann <ruben>
Component: exim
Assignee: Jaroslav Škarvada <jskarvad>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: epel7
CC: bennie.joubert, dwmw2, jskarvad, tremble
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Last Closed: 2018-02-13 13:57:07 UTC
Type: Bug

Description Ruben Püttmann 2018-02-12 22:12:14 UTC
We released Exim 4.90.1 just now.

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See for the timeline.

Timeline (UTC)

* 2018-02-05 Report from Meh Chang <meh> via exim-security mailing list
* 2018-02-06 Request CVE on (heiko)
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
             mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for
             distro maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to our official git repo.

Comment 1 Jaroslav Škarvada 2018-02-13 13:52:01 UTC
Thanks for info.

Comment 2 Jaroslav Škarvada 2018-02-13 13:57:07 UTC
I am closing this as a dupe of bug 1543269.

*** This bug has been marked as a duplicate of bug 1543269 ***