Univention Bugzilla – Bug 49603
exim4: Multiple issues (4.4)
Last modified: 2019-06-12 16:22:58 CEST
New Debian exim4 4.89-2+deb9u4A~4.4.0.201906060939 fixes: This update addresses the following issue: * Remote command execution in deliver_message() function in /src/deliver.c (CVE-2019-10149)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/exim4_4.89-2+deb9u3A~4.3.0.201802210931.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/exim4_4.89-2+deb9u4A~4.4.0.201906060939.dsc @@ -1,7 +1,12 @@ -4.89-2+deb9u3A~4.3.0.201802210931 [Wed, 21 Feb 2018 09:31:19 +0100] Univention builddaemon <buildd@univention.de>: +4.89-2+deb9u4A~4.4.0.201906060939 [Thu, 06 Jun 2019 09:39:05 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 10_default-mta + +4.89-2+deb9u4 [Tue, 28 May 2019 22:13:55 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Fix remote command execution vulnerability (CVE-2019-10149) 4.89-2+deb9u3 [Sat, 10 Feb 2018 09:26:05 +0100] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.4-0/#2530625011387841464>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-0] 7cb7ea26bb Bug #49603: exim4 4.89-2+deb9u4A~4.4.0.201906060939 doc/errata/staging/exim4.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.4/144.html>