Re: [exim-dev] Security issues in exim4 local delivery

Top Page

Reply to this message
Author: Dan Rosenberg
Date:  
To: Nigel Metheringham
CC: pdp, exim-dev
Subject: Re: [exim-dev] Security issues in exim4 local delivery
That sounds reasonable to me. I'll plan on a disclosure date of
Tuesday, June 1, with the idea being that by then you'll know whether
or not the MBX locking issue will be fixed in 4.72.

-Dan

On Fri, May 28, 2010 at 3:02 PM, Nigel Metheringham
<nigel.metheringham@???> wrote:
> With or without Phil's proposed changes, I think we are looking in
> terms of a week minimum to get a real release together, since I don't
> want to be doing another one immediately after to fix the other issues
> we let through :-(
>
> I also need to pull in the others who have volunteered to take on some
> of this for the future.
>
> So the best scenario is 1 week.
>
> My inclination is, if you are agreeable, to hold off a couple of days
> on advisories to see if Phil can propose an appropriate solution.
> That will give the difference between "a fix for this issue will be
> in exim 4.72 or it may be mitigated by.." and "mitigation by..."
>
> However I'd also be comfortable with immediate advisory publication.
>
>        Nigel.
>
> --
> [ Nigel Metheringham             Nigel.Metheringham@??? ]
> [ - Comments in this message are my own and not ITO opinion/policy - ]
>
>
>
>
>