From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: SECURITY: Exim CVE-2017-16943
Date: Sun, 26 Nov 2017 15:34:58 -0500
Message-ID: <20171126203458.GA6380@jasmine.lan>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="6TrnltStXW4iwmi0"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39514)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1eJ3dp-0003Mw-Is
	for guix-devel@gnu.org; Sun, 26 Nov 2017 15:35:10 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1eJ3dk-0000im-Uh
	for guix-devel@gnu.org; Sun, 26 Nov 2017 15:35:05 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:33251)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1eJ3dk-0000id-LA
	for guix-devel@gnu.org; Sun, 26 Nov 2017 15:35:00 -0500
Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70])
	by mail.messagingengine.com (Postfix) with ESMTPA id C70CD7E6EE
	for <guix-devel@gnu.org>; Sun, 26 Nov 2017 15:34:59 -0500 (EST)
Content-Disposition: inline
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org


--6TrnltStXW4iwmi0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello!

------
commit 5b327a2d6192adbabb5b98bc3a78eb8402bd6d1d
Author: Leo Famulari <leo@famulari.name>
Date:   Sun Nov 26 15:23:13 2017 -0500

    gnu: exim: Fix CVE-2017-16943.
   =20
    * gnu/packages/patches/exim-CVE-2017-16943.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/mail.scm (exim)[source]: Use it.
------

This commit fixes a bug in Exim that allows attackers to gain remote
code execution on your server. If you are using Exim from the Guix
package, please update it as soon as possible.

For more information:

https://bugs.exim.org/show_bug.cgi?id=3D2199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-16943

--6TrnltStXW4iwmi0
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlobJXIACgkQJkb6MLrK
fwhZNBAAoazXrHJFxNHaF9nBhvyvF8d+K/WnuNgdYdLi4TePIcZ9JvOO9Tl9mBbr
M88RVaalnSFogoM4jNkG4Sx5G3pSt0CyIdnobROSulwARuWTNnp8DLN6CL5jBeh5
vfNZ6nLMboJWMT6p98PE7939xCVhwAVATqpLIU/dQGe9Y4WyNmphT++8Qbouok9r
9+G+543T3Zub1L0ipFr+O3NzjnzX0h+QP/cSrp4ywoN5q0NqBiQzah7U2Jb+e9LT
FS/VxLM8mufAYyX8g+k/JHOuB8Bpv5pJK6WMzk6mmlbV9ZYr8MlZflq6vfYezP69
ejHLV+qWz847d2bG7YFKu85sMHGkxAjYWdlr70fLqabYAElLABsxgktBmOE10D1g
v1j/d9qw/6GUZZ3a1oP51+plQyongKJolrLCdVz5Jdx78GqBot8PO9OgIhMccwmO
pSSrq4IyDv3kX7mpwckSMsbQ+JTkbzAeV97ffgqHlzSW4zVNj4T8629WTszC890g
plZs7jemB0moQk82YP5Uw/4LmEYtVtZpb3+0tUM6txvmUmZyXxTPu+yCJnPUk91F
PTEzYGLNGyrI1KDyc+7BvcSfG+UJ4mMYVmkFKPNPZ8TnpMsyRrysVVZyBzded9Ta
54KkAfhU6bW58F9zjCp3uyXhwMaUEhgzb4T8HCNHbvlDPHm/W/k=
=1v7l
-----END PGP SIGNATURE-----

--6TrnltStXW4iwmi0--