On 2005-01-12 Nigel Metheringham <Nigel.Metheringham@???> wrote:
> Its now certain that the exim 4.50 release will not happen before March
> (as Philip wisely won't release just before he goes away, and its
> getting too close to that deadline to get the documentation updated and
> any bugs worked out.
> There are a couple of security related bugs that have been exposed. It
> is my feeling that people generally do not pick up bug fix patches and
> so there is a case to be made for an early release of a version that
> fixes these bugs.
Thanks, Nigel. That would be splendid, imho.
[...]
> 33. Check dnsdb PTR key for IP address before reversing.
> 34. Put a check in host_aton() to protect against buffer overrun
> 35. Fix buffer overflow vulnerability in spa_base64_to_bits() function.
These are CAN-2005-0021 (33/34) and CAN-2005-0022 (35), it would be
nice if the changelog could note this.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
http://downhill.aus.cc/
