oss-sec mailing list archives

Re: CVE Request: exim STARTTLS fix

From: Michael Tokarev <mjt () tls msk ru>
Date: Tue, 24 May 2011 15:42:31 +0400

24.05.2011 15:24, Josh Bressers wrote:

----- Original Message -----

Hi,

while reviewing EXIM git for the last security issues, I also found the
STARTTLS fix:

http://git.exim.org/exim.git/commitdiff/da80c2a8ed49427334af613c00df65ae301cacdd

Is fixed with exim 4.76 apparently.


That commit suggests it's not an issue, but rather some extra paranoid
buffer wiping. Is there a reason to believe this is a problem?


Isn't it CVE-2011-0411 attack ?

/mjt

Current thread:

CVE Request: exim STARTTLS fix Marcus Meissner (May 20)
- Re: CVE Request: exim STARTTLS fix Josh Bressers (May 24)
  - Re: CVE Request: exim STARTTLS fix Marcus Meissner (May 24)
  - Re: CVE Request: exim STARTTLS fix Michael Tokarev (May 24)