Re: [exim-dev] Proposed 4.44 release

Pàgina inicial
Delete this message
Reply to this message
Autor: Andreas Metzler
Data:  
A: exim-dev
Assumpte: Re: [exim-dev] Proposed 4.44 release
On 2005-01-12 Nigel Metheringham <Nigel.Metheringham@???> wrote:
> Its now certain that the exim 4.50 release will not happen before March
> (as Philip wisely won't release just before he goes away, and its
> getting too close to that deadline to get the documentation updated and
> any bugs worked out.


> There are a couple of security related bugs that have been exposed. It
> is my feeling that people generally do not pick up bug fix patches and
> so there is a case to be made for an early release of a version that
> fixes these bugs.


Thanks, Nigel. That would be splendid, imho.

[...]
> 33. Check dnsdb PTR key for IP address before reversing.


> 34. Put a check in host_aton() to protect against buffer overrun


> 35. Fix buffer overflow vulnerability in spa_base64_to_bits() function.


These are CAN-2005-0021 (33/34) and CAN-2005-0022 (35), it would be
nice if the changelog could note this.
          cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/