Re: [exim-dev] Security issues in exim4 local delivery

Top Page

Reply to this message
Author: Nigel Metheringham
To: Dan Rosenberg
CC: pdp, exim-dev
Subject: Re: [exim-dev] Security issues in exim4 local delivery
With or without Phil's proposed changes, I think we are looking in
terms of a week minimum to get a real release together, since I don't
want to be doing another one immediately after to fix the other issues
we let through :-(

I also need to pull in the others who have volunteered to take on some
of this for the future.

So the best scenario is 1 week.

My inclination is, if you are agreeable, to hold off a couple of days
on advisories to see if Phil can propose an appropriate solution.
That will give the difference between "a fix for this issue will be
in exim 4.72 or it may be mitigated by.." and "mitigation by..."

However I'd also be comfortable with immediate advisory publication.


[ Nigel Metheringham             Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]