Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1544567 - CVE-2018-6789
Summary: CVE-2018-6789
Keywords:
Status: CLOSED DUPLICATE of bug 1543269
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: exim
Version: epel7
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Jaroslav Škarvada
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-12 22:12 UTC by Ruben Püttmann
Modified: 2018-02-13 13:57 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-13 13:57:07 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Ruben Püttmann 2018-02-12 22:12:14 UTC 
We released Exim 4.90.1 just now.
---------------------------------

This is mainly a security release to fix CVE-2018-6789, a buffer
overflow in base64d(). Please update your systems to 4.90.1. The
reporter of the bug claims to have a working exploit. See
http://exim.org/static/doc/security/CVE-2018-6789.txt for the timeline.

Timeline (UTC)
--------------

* 2018-02-05 Report from Meh Chang <meh> via exim-security mailing list
* 2018-02-06 Request CVE on https://cveform.mitre.org/ (heiko)
             CVE-2018-6789
* 2018-02-07 Announcement to the public via exim-users, exim-maintainers
             mailing lists and on oss-security mailing list
* 2018-02-08 16:50 Grant restricted access to the security repo for
             distro maintainers
* 2018-02-09 One distro breaks the embargo
* 2018-02-10 18:00 Grant public access to the our official git repo.
Comment 1 Jaroslav Škarvada 2018-02-13 13:52:01 UTC 
Thanks for info.
Comment 2 Jaroslav Škarvada 2018-02-13 13:57:07 UTC 
I am closing this as a dupe of bug 1543269.

*** This bug has been marked as a duplicate of bug 1543269 ***
Note You need to log in before you can comment on or make changes to this bug.