Please merge exim4 4.82.1-2 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
exim4 (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
Ubuntu's exim4 packages are based on Debian 4.82-8 and therefore missing these two fixes:
exim4 (4.82.1-1) unstable; urgency=high
.
* New upstream security release, fixing CVE-2014-2957. This is a remote
code execution flaw in Exim version 4.82 (only) when built with DMARC
support. Debian's binary packages are not built with DMARC support and
therefore not vulnerable. However we want to fix this for people building
their own binaries based on Debian's packaging.
exim4 (4.82.1-2) unstable; urgency=high
.
* [87_double_
of arguments to mathematical comparison operations.
CVE-2014-2972
Please sync with Debian unstable (or experimental).
thanks, cu Andreas
Thank you for taking the time for Ubuntu. I'll triage this as an "exim4 needs a merge" bug, to resync against Debian's 4.82.1-1. I don't think we need a security bug as it'd be fixed by the merge and because of its priority the merge would probably come first. If anyone else wants a bug to specifically track the security issue, feel free to file it.