tidying
[exim.git] / doc / doc-txt / cve-2019-15846 / posting-1.txt
CommitLineData
c3aefacc
HSHR
1To: oss-security@lists.openwall.com, exim-users@exim.org,
2 exim-announce@exim.org
3From: [ do not use a dmarc protected sender ]
4
5*** Note: EMBARGO is still in effect ***
6*** Distros must not publish any detail yet ***
7
8Head up! Security release ahead!
9
10CVE ID: CVE-2019-15846
11Version(s): up to and including 4.92.1
12Issue: A local or remote attacker can execute programs with root
13 privileges.
14Details: Will be made public at CRD.
15
16Coordinated Release Date (CRD) for Exim 4.92.2: 2019-09-06 10:00 UTC
17
18Contact: security@exim.org
19
20Proposed Timeline
21=================
22
232019-09-03:
24 - initial notification to distros@openwall.org and
25 exim-maintainers@exim.org
26
272019-09-04: <-- NOW
28 - This Heads-up notice to oss-security@lists.openwall.com,
29 exim-users@exim.org, and exim-announce@exim.org
30
312019-09-06 10:00 UTC:
32 - Coordinated relase date
33 - Publish the patches in our official and public Git repositories
34 and the packages on our FTP server.
35
36Downloads available starting at CRD
37====================================
38
39The downloads are not yet available. They will be made available
40at the above mentioned CRD.
41
42Release tarballs (exim-4.92.2):
43
44 https://ftp.exim.org/pub/exim/exim4/
45
46The package files are signed with my GPG key.
47
48The full Git repo:
49
50 https://git.exim.org/exim.git
51 https://github.com/Exim/exim [mirror of the above]
52 - tag exim-4.92.2
53 - branch exim-4.92.2+fixes
54
55The tagged commit is the officially released version. The tag is signed
56with my GPG key. The +fixes branch isn't officially maintained, but
57contains useful patches *and* the security fix. The relevant commit is
58signed with my GPG key. The old exim-4.92.1+fixes branch is being functionally
59replaced by the new exim-4.92.2+fixes branch.