CVE-2019-13917 - log back

CVE-2019-13917 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
References
+ https://seclists.org/oss-sec/2019/q3/63
+ https://lists.exim.org/lurker/message/20190725.090419.d506f736.en.html
Notes