Author: Miquel van Smoorenburg Date: To: exim-users Subject: Re: [Exim] Fw: [LIH] (fwd) [SECURITY] [DSA-058-1] exim printf format attack
In article <20010611130335.A15570@???>,
Suresh Ramasubramanian <mallet@???> wrote: >Hmm... looks like Debian decided to patch exim 3.12. When's Philip Hazel
>back?
For the latest released distributtion, the Debian folks always prefer
to backport security fixes to the version that came with that distribution,
since they consider too dangerous to force the user to upgrade to
a new release just by installing a security update.
It makes sense, I've seen too many production systems fail after
a 'security upgrade' to a new release because some subtle thing
changed along with it. You should be able to drop in a security
update that *just* fixes the security problem.