RE: [Exim] Fw: (bugtraq) Exim 3.34 and lower

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: NOC - KP^2
Dátum:  
Címzett: exim-users
Tárgy: RE: [Exim] Fw: (bugtraq) Exim 3.34 and lower
I feel the same way about this security issue (if it exists).

First, the proper protocol wasn't followed by notifying the author and
giving a reasonable amount of time for a response. Secondly, this so called
"utility" has not been released for it's own audit, has a questionable
origin (in my eyes), and hasn't even been released as a beta as far as I can
see. This whole thing smells of bad juju.

CK

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org]On
Behalf Of Phil Brutsche
Sent: Wednesday, February 13, 2002 10:49 PM
To: exim-users@???
Subject: Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower


On Wed, 2002-02-13 at 21:44, Suresh Ramasubramanian wrote:
> Eh?


My same thought.

I can verify the segfault with the command line, and parts of the patch
make sense (ie replacing strcpy with strncpy).

I would wait to hear from Philip Hazel before I do anything rash like
apply it, though.

My only question is: why didn't contact Philip Hazel before sending it
off to bugtraq? That is the most logical course of action.

--

Phil


--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##