On Mon, 12 Sep 2005, Mike Bethune wrote:
> Hi,
> is there a patch for the included pcre libraries due to CAN-2005-2491
No, but the next release contains fixed code. The only externally
supplied regex that Exim uses are in users' filter files, which are run
in processes that are running with the user's uid. Therefore, if they
cause havoc through this bug, they affect only that user. At least,
that's the theory.
> Also could there be an option to use ext pcre libs (as redhat's update for rhel4 does)?
This item is something that has previously been discussed. What I would
like to do is to include a vanilla PCRE distribution instead of the
specially cut-down one that Exim currently uses, and have the option of
using it or an external library. This is a reasonable amount of work, so
it won't get done for some time, I'm afraid.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
