Univention Bugzilla – Bug 49925
exim4: Multiple issues (4.4)
Last modified: 2019-07-31 13:58:45 CEST
New Debian exim4 4.89-2+deb9u5A~4.4.1.201907290843 fixes: This update addresses the following issue: * ${sort} in configuration leads to privilege escalation (CVE-2019-13917)
--- mirror/ftp/4.4/unmaintained/4.4-1/source/exim4_4.89-2+deb9u4A~4.4.0.201906060939.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/exim4_4.89-2+deb9u5A~4.4.1.201907290843.dsc @@ -1,7 +1,12 @@ -4.89-2+deb9u4A~4.4.0.201906060939 [Thu, 06 Jun 2019 09:39:05 +0200] Univention builddaemon <buildd@univention.de>: +4.89-2+deb9u5A~4.4.1.201907290843 [Mon, 29 Jul 2019 08:43:42 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 10_default-mta + +4.89-2+deb9u5 [Sat, 20 Jul 2019 13:32:35 +0200] Andreas Metzler <ametzler@debian.org>: + + * Fix remote command execution vulnerability related to + "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 4.89-2+deb9u4 [Tue, 28 May 2019 22:13:55 +0200] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.4-1/#6991016173886639248>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-1] 146c8ce426 Bug #49925: exim4 4.89-2+deb9u5A~4.4.1.201907290843 doc/errata/staging/exim4.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-1] 218769dd0b Bug #49925: exim4 4.89-2+deb9u5A~4.4.1.201907290843 doc/errata/staging/exim4.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
<http://errata.software-univention.de/ucs/4.4/197.html>