CVE-2019-13917 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Group Package Affected Fixed Severity Status Ticket
AVG-1011 exim 4.92-1 4.92.1-1 Critical Fixed
Date Advisory Group Package Severity Description
05 Aug 2019 ASA-201908-4 AVG-1011 exim Critical arbitrary code execution
References
https://seclists.org/oss-sec/2019/q3/63
https://lists.exim.org/lurker/message/20190725.090419.d506f736.en.html