diff --git a/CVE-2023-51766.patch b/CVE-2023-51766.patch new file mode 100644 index 0000000000000000000000000000000000000000..78563b5a472ea60323307c50e3457ece4ecf1406 --- /dev/null +++ b/CVE-2023-51766.patch @@ -0,0 +1,28 @@ +From 06a6f188c5fd423e787146f992e5a97f2476de91 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Tue, 9 Jul 2024 11:23:21 +0800 +Subject: [PATCH] Reject "dot, LF" as ending data phase. Bug 3063 + +--- + src/smtp_in.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/smtp_in.c b/src/smtp_in.c +index eb9c7e6..215a4c7 100644 +--- a/src/smtp_in.c ++++ b/src/smtp_in.c +@@ -5110,7 +5110,10 @@ while (done <= 0) + dummy call to get the DATA command sent. */ + + if (!acl_smtp_predata && cutthrough.cctx.sock < 0) +- rc = OK; ++ { ++ if (!check_sync()) goto SYNC_FAILURE; ++ rc = OK; ++ } + else + { + uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept"; +-- +2.27.0 + diff --git a/exim.spec b/exim.spec index 09b0b1f5ff7ee4e4d62e9d16ebb64f1ededcbcf8..40f4c4864ec6ccb8a7a382760e2dd416ee3d2b73 100644 --- a/exim.spec +++ b/exim.spec @@ -4,7 +4,7 @@ Summary: The exim mail transfer agent Name: exim Version: 4.97.1 -Release: 1 +Release: 2 License: GPLv2+ Url: https://www.exim.org/ @@ -39,7 +39,7 @@ Patch0: exim-4.97-config.patch Patch1: exim-4.94-libdir.patch Patch2: exim-4.97-dlopen-localscan.patch Patch3: exim-4.96-pic.patch - +Patch4: CVE-2023-51766.patch Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: setup @@ -480,6 +480,9 @@ fi %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Tue Jul 9 2024 technology208 - 4.97-2 +- Fix CVE-2023-51766 + * Sun Feb 4 2024 zhuchao - 4.97.1-1 - DESC:upgrade to 4.97.1 to resolve the CVE-2023-51766 @@ -493,4 +496,4 @@ fi - DESC:add build requirement init * Tue Oct 18 2022 zhuchao - 4.96-1 -- DESC:Package init \ No newline at end of file +- DESC:Package init