Re: [exim-dev] Security issues in exim4 local delivery

Top Page

Reply to this message
Author: Phil Pennock
To: Dan Rosenberg
CC: pdp, Nigel Metheringham, exim-dev
Subject: Re: [exim-dev] Security issues in exim4 local delivery
On 2010-05-28 at 14:06 -0400, Dan Rosenberg wrote:
> Good to hear Exim may continue to be developed after all. What does
> this mean in regards to fixing these particular issues? Will you have
> time after this week to work on a fix? Should I bother waiting, or
> should I just release an advisory describing how to mitigate the
> issues with configuration changes and mention that a new release is
> pending? I'd rather public sooner than later, especially since the
> Bugzilla entries appear to be public - as in, the vulnerabilities
> themselves are technically public already.

Me myself: I'll have time to spend this weekend writing an alternative
fix for the second problem and if everyone's happy then we should be
able to bundle up a release for next week.

-Phil (not the original Phil who has been talked about in this thread)