[3.9] exim: Remote command execution in deliver_message() function in /src/deliver.c (CVE-2019-10149)
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper
validation of the recipient address in the deliver_message() function in
/src/deliver.c may lead to remote command execution.
Fixed In Version:
exim 4.92
References:
https://www.openwall.com/lists/oss-security/2019/06/04/1
https://exim.org/static/doc/security/CVE-2019-10149.txt
(from redmine: issue id 10541, created on 2019-06-06, closed on 2019-06-12)
- Changesets:
- Revision 65097c9c by Mike Sullivan on 2019-06-10T15:37:56Z:
community/exim: fix broken link with upgrade to 4.92
fixes #10541 (CVE-2019-10149)
(cherry picked from commit a6e92b2adbed5e2905258a37f8b1980700612929)