Candidate: CVE-2020-8015
PublicDate: 2020-04-02 08:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8015
 https://bugzilla.suse.com/show_bug.cgi?id=1154183
Description:
 A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of
 exim in openSUSE Factory allows local attackers to escalate from user mail
 to root. This issue affects: openSUSE Factory exim versions prior to
 4.93.0.4-3.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_exim4:
upstream_exim4: not-affected (opensuse packaging)
precise/esm_exim4: DNE
trusty_exim4: ignored (out of standard support)
trusty/esm_exim4: not-affected (opensuse packaging)
xenial_exim4: not-affected (opensuse packaging)
esm-infra/xenial_exim4: not-affected (opensuse packaging)
bionic_exim4: not-affected (opensuse packaging)
eoan_exim4: not-affected (opensuse packaging)
devel_exim4: not-affected (opensuse packaging)