[3.7] exim: buffer overflow (CVE-2018-6789)
In Exim 4.90 and earlier, there is a buffer overflow in an utility
function, if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.
References:
https://exim.org/static/doc/security/CVE-2018-6789.txt
http://openwall.com/lists/oss-security/2018/02/07/2
Patch:
https://github.com/Exim/exim/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
(from redmine: issue id 8505, created on 2018-02-19, closed on 2018-02-20)
- Changesets:
- Revision e95c80cf by Valery Kartel on 2018-02-19T15:09:27Z:
community/exim: security upgrade to 4.90.1 (CVE-2018-6789)
Fixes #8505
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>