CVE-2019-19920

Priority
Description
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write
a .cf file or a rule. This occurs because Greylisting.pm relies on eval
(rather than direct parsing and/or use of the taint feature). This issue is
similar to CVE-2018-11805.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.2.1-14+deb8u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):not-affected (4.2.1-19)
Ubuntu 20.10 (Groovy Gorilla):not-affected (4.2.1-19)
More Information

Updated: 2020-09-19 00:17:03 UTC (commit ca346fecff6ea49683ea6848807c73588e4e0989)