Author: Phil Pennock Date: To: Dan Rosenberg CC: pdp, Nigel Metheringham, exim-dev Subject: Re: [exim-dev] Security issues in exim4 local delivery
On 2010-05-28 at 14:06 -0400, Dan Rosenberg wrote: > Good to hear Exim may continue to be developed after all. What does
> this mean in regards to fixing these particular issues? Will you have
> time after this week to work on a fix? Should I bother waiting, or
> should I just release an advisory describing how to mitigate the
> issues with configuration changes and mention that a new release is
> pending? I'd rather public sooner than later, especially since the
> Bugzilla entries appear to be public - as in, the vulnerabilities
> themselves are technically public already.
Me myself: I'll have time to spend this weekend writing an alternative
fix for the second problem and if everyone's happy then we should be
able to bundle up a release for next week.
-Phil (not the original Phil who has been talked about in this thread)