Date: Sun, 7 Aug 2022 11:41:12 +0100 From: Stuart Henderson <sthen@...nbsd.org> To: oss-security@...ts.openwall.com Subject: Re: Exim < 4.95 heap overflow On 2022/08/06 22:46, Evgeny Legerov wrote: > Hi, > > > Here is another bug which has been silently fixed in Exim. > > It has not been recognized as a security issue, many distros still don't > have this patch. > > Original report + patch is here - > https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 > > Analysis of the bug - https://github.com/ivd38/exim_overflow > > I don't post here because it is huge snippet of code. As a reader, I would much rather have a self-contained list post with a huge snippet of code, than a link to an external source. But in this case it isn't huge at all; the entire contents of https://github.com/ivd38/exim_overflow (README.md, exim.conf, asan.log) are certainly short enough for a list post.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.