Univention Bugzilla – Bug 49928
exim4: Multiple issues (4.3)
Last modified: 2019-07-31 14:25:38 CEST
New Debian exim4 4.89-2+deb9u5A~4.3.4.201907290935 fixes:
This update addresses the following issue:
* ${sort} in configuration leads to privilege escalation (CVE-2019-13917)
--- mirror/ftp/4.3/unmaintained/component/4.3-4-errata/source/exim4_4.89-2+deb9u4A~4.3.4.201906060906.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/exim4_4.89-2+deb9u5A~4.3.4.201907290935.dsc @@ -1,7 +1,12 @@ -4.89-2+deb9u4A~4.3.4.201906060906 [Thu, 06 Jun 2019 09:06:44 +0200] Univention builddaemon <buildd@univention.de>: +4.89-2+deb9u5A~4.3.4.201907290935 [Tue, 30 Jul 2019 10:11:10 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 10_default-mta + +4.89-2+deb9u5 [Sat, 20 Jul 2019 13:32:35 +0200] Andreas Metzler <ametzler@debian.org>: + + * Fix remote command execution vulnerability related to + "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 4.89-2+deb9u4 [Tue, 28 May 2019 22:13:55 +0200] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.3-4/#857008718697443092>
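Review bot: The added 4.89-2+deb9u5 changelog entry describes CVE-2019-13917 as a "remote command execution vulnerability related to "${sort}"-expansion", while the description on this bug calls it privilege escalation when ${sort} is used in the configuration. Use one description in the published erratum, and state both the precondition (a configuration that uses ${sort}) and the impact, so administrators can judge whether their setup is affected. The diff itself shows only the changelog carried in the .dsc; the code change that fixes the expansion is not visible here and should be checked against the Debian source before release.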
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] d708f60f55 Bug #49928: exim4 4.89-2+deb9u5A~4.3.4.201907290935
 doc/errata/staging/exim4.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<http://errata.software-univention.de/ucs/4.3/553.html>