Ubuntu
exim4 package

Please update to 4.88, fix CVE-2016-9963

Bug #1654750 reported by Andreas Metzler on 2017-01-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	exim4 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Please sync from Debian, upgrading to 4.88. 4.87 is vulnerable to CVE-2016-9963.

CVE References

2016-9963

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2017-01-24:

FYI - merge for zesty in progress - thanks for the Info.
Subscribing the security Team for their consideration on security SRU updates.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-01-25:

This bug was fixed in the package exim4 - 4.88-5ubuntu1

---------------
exim4 (4.88-5ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable.
    Version 4.88 fixes CVE-2016-9963 (LP: #1654750) and symlink
    local root escalation (LP: #1580454)
    Remaining changes:
    + Show Ubuntu distribution in SMTP banner.
    + Build-Depends on lsb-release (needed for the Ubuntu SMTP banner patch)

-- Christian Ehrhardt <email address hidden> Tue, 24 Jan 2017 10:15:09 +0100

Changed in exim4 (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuexim4 package