X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=doc%2Fdoc-txt%2Fcve-2019-16928%2Fcve.txt;h=3a79460e16f4152a5e0296ad6a73e08f43600879;hp=873b69c34323c751b17abc36355c5cdadad6728e;hb=e39f19e031fc0a8df547823725c77af22d6b27c9;hpb=5346d9dc34a1d219f341c296a8860b1fa5c05a7e

diff --git a/doc/doc-txt/cve-2019-16928/cve.txt b/doc/doc-txt/cve-2019-16928/cve.txt
index 873b69c34..3a79460e1 100644
--- a/doc/doc-txt/cve-2019-16928/cve.txt
+++ b/doc/doc-txt/cve-2019-16928/cve.txt
@@ -29,42 +29,27 @@ There is - beside updating the server - no known mitigation.
 Fix
 ===
 
-We plan to publish a new security release (*will* be 4.92.3) of Exim
-during the next 48 hours, ideally before monday 8.00 UTC. (We're still
-running regression tests.)
-
-Distros may have already picked the patch mentioned below and may have
-already released a fixed version. Please check your distribution's
-changelogs.
-
-If you can't wait, please use use our git repository http://git.exim.org/exim.git,
-checkout the branch exim-4.92.2+fixes and use the commit 478effbfd9c3cc5a627fc671d4bf94d13670d65f
-
-A direct link to the commit is:
-https://git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f
-
-which basically does:
-
---- a/src/src/string.c
-+++ b/src/src/string.c
-@@ -1132,7 +1132,7 @@ store_reset(g->s + (g->size = g->ptr + 1));
- Arguments:
-   g            the growable-string
-   p            current end of data
--  count                amount to grow by
-+  count                amount to grow by, offset from p
- */
-
- static void
-@@ -1590,7 +1590,7 @@ while (*fp)
-        }
-       else if (g->ptr >= lim - width)
-        {
--       gstring_grow(g, g->ptr, width - (lim - g->ptr));
-+       gstring_grow(g, g->ptr, width);
-        lim = g->size - 1;
-        gp = CS g->s + g->ptr;
-        }
-
-
-We thank you for using Exim.
+Download and build the fixed version 4.92.3
+
+    Tarballs: https://ftp.exim.org/pub/exim/exim4/
+    Git:      https://github.com/Exim/exim.git
+              - tag    exim-4.92.3
+              - branch exim-4.92.3+fixes
+
+The tagged commit is the officially released version. The +fixes branch
+isn't officially maintained, but contains the security fix *and* useful
+fixes.
+
+If you can't install the above versions, ask your package maintainer for
+a version containing the backported fix. On request and depending on our
+resources we will support you in backporting the fix.  (Please note,
+the Exim project officially doesn't support versions prior the current
+stable version.)
+
+Timeline
+=========
+
+- 2019-09-27    Report as Bug 2499
+- 2019-09-28    Announcement to exim-maintainers, oss-security
+- 2019-09-28    Release 4.92.3, Release-Announcements to
+                exim-{announce,users,maintainers}, oss-security