Re: [exim-dev] Security issues in exim4 local delivery

Top Page

Reply to this message
Author: Dan Rosenberg
To: Nigel Metheringham
CC: pdp, exim-dev
Subject: Re: [exim-dev] Security issues in exim4 local delivery
That sounds reasonable to me. I'll plan on a disclosure date of
Tuesday, June 1, with the idea being that by then you'll know whether
or not the MBX locking issue will be fixed in 4.72.


On Fri, May 28, 2010 at 3:02 PM, Nigel Metheringham
<nigel.metheringham@???> wrote:
> With or without Phil's proposed changes, I think we are looking in
> terms of a week minimum to get a real release together, since I don't
> want to be doing another one immediately after to fix the other issues
> we let through :-(
> I also need to pull in the others who have volunteered to take on some
> of this for the future.
> So the best scenario is 1 week.
> My inclination is, if you are agreeable, to hold off a couple of days
> on advisories to see if Phil can propose an appropriate solution.
> That will give the difference between "a fix for this issue will be
> in exim 4.72 or it may be mitigated by.." and "mitigation by..."
> However I'd also be comfortable with immediate advisory publication.
>        Nigel.
> --
> [ Nigel Metheringham             Nigel.Metheringham@??? ]
> [ - Comments in this message are my own and not ITO opinion/policy - ]