Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Dec 2016 11:59:06 +0100
From: Heiko Schlittermann <>
To: oss-security <>
Subject: CVE-2016-9963 (Was: CVE Request - Exim 4.69-4.87 - disclosure of
 private information)


Heiko Schlittermann <> (Fr 16 Dez 2016 00:36:45 CET):
> Product:    Exim
> Versions:   4.69 -> 4.87
> Impact:     Possible leak of private information to a remote attacker
> Reference: (placeholder currently)
> Requester:  Heiko Schlittermann <> (Exim Developer)
> Credits:    Bjoern Jacke <>
> If several conditions are met, Exim leaks private information to
> a remote attacker.

As at least one major distro isn't ready yet, we'll keep our initial schedule
and release the fixed versions on Dec, 25th, 10:00 UTC.

You'll find the versions in the usual places

    git://         Tags exim-4_88, exim-4_87_1          4.88      4.87.1

If you have older versions running, you should to at least 4.87.1.

We're sorry for the release date.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ