Univention Bugzilla – Bug 55139
exim4: Multiple issues (5.0)
Last modified: 2022-08-31 12:19:37 CEST
New Debian exim4 4.92-8+deb10u7 fixes:
This update addresses the following issue:
* Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. (CVE-2022-37452)
--- mirror/ftp/pool/main/e/exim4/exim4_4.92-8+deb10u6.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/exim4_4.92-8+deb10u7.dsc @@ -1,3 +1,9 @@ +4.92-8+deb10u7 [Wed, 24 Aug 2022 18:23:44 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2022-37452: heap-based buffer overflow for the alias list in + host_name_lookup in host.c when sender_host_name is set. + 4.92-8+deb10u6 [Sat, 01 May 2021 11:42:39 +0200] Andreas Metzler <ametzler@debian.org>: * Fix several security vulnerabilities reported by Qualys and add related <http://piuparts.knut.univention.de/5.0-2/#861317009529530910>
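Review bot: The added 4.92-8+deb10u7 changelog entry names CVE-2022-37452 and the affected function (host_name_lookup in host.c) but not the patch file or upstream commit that carries the fix. Since this diff shows only the changelog, the code change itself cannot be checked from here. Suggest naming the patch file in the entry or attaching the source diff for host.c to the bug. Because the fix is backported onto 4.92 while the issue text reads "Exim before 4.95", the erratum should also state that the fixed state is identified by the package revision deb10u7 rather than by the upstream version number.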
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 7fb8638cf5 Bug #55139: exim4 4.92-8+deb10u7
 doc/errata/staging/exim4.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

[5.0-2] d4e3192970 Bug #55139: exim4 4.92-8+deb10u7
 doc/errata/staging/exim4.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[5.0-2] b9c1af9b7b Bug #55139: exim4 4.92-8+deb10u7
 doc/errata/staging/exim4.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x395>