On Fri, May 28, 2010 17:28, Nigel Metheringham wrote:
> I have just uploaded a 4.72 RC test release to exim.org
>
> Changelog is embedded, and also at
>
> http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?revision=1.608&view=markup&pathrev=exim-4_72_RC1
Is exim only going to be updated with new features added
by maintainers, and minor security issues?
There are two uninitialised data bugs in the DKIM code
that really should be fixed in a 4.72 release.
http://bugs.exim.org/show_bug.cgi?id=985 pdkim.c may use a string that isn't null terminated
http://bugs.exim.org/show_bug.cgi?id=986 pkdim sign_headers value may not be initialised
And this regression in dnsbl's behaviour caused by the
initial DKIM merge:
http://bugs.exim.org/show_bug.cgi?id=967 DKIM-mandated undocumented behaviour change
This release appears to be getting rushed through just
because it fixes an issue that has a CVE number.
--
Simon Arlott
