Re: [exim-dev] Test release of exim 4.72 uploaded

Author: Simon Arlott
Date:  
To: exim-dev
Subject: Re: [exim-dev] Test release of exim 4.72 uploaded
On Fri, May 28, 2010 17:28, Nigel Metheringham wrote:
> I have just uploaded a 4.72 RC test release to exim.org
>
> Changelog is embedded, and also at
>
> http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?revision=1.608&view=markup&pathrev=exim-4_72_RC1


Is exim only going to be updated with new features added
by maintainers, and minor security issues?

There are two uninitialised data bugs in the DKIM code
that really should be fixed in a 4.72 release.

http://bugs.exim.org/show_bug.cgi?id=985 pdkim.c may use a string that isn't null terminated
http://bugs.exim.org/show_bug.cgi?id=986 pkdim sign_headers value may not be initialised

And this regression in dnsbl's behaviour caused by the
initial DKIM merge:

http://bugs.exim.org/show_bug.cgi?id=967 DKIM-mandated undocumented behaviour change

This release appears to be getting rushed through just
because it fixes an issue that has a CVE number.

--
Simon Arlott