Re: [exim] Exim 4.80.1 security release - details

Top Page
This message is part of the following thread:
M+-+--+\the complete thread tree sorted by date
MM.M-\MMPhil Pennock at <-
MM\M\M.MCyborg at ->
Delete this message
Reply to this message
Author: Marius Stan
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.80.1 security release - details
On 26.10.2012 11:35, Phil Pennock wrote:
> Folks,
>
> During internal code review on Wednesday, I uncovered a remote code
> execution hole in Exim, affecting releases 4.70 to 4.80, in the DKIM
> handling. This can be triggered by anyone who can send you email from a
> domain for which they control the DNS, and gets them the Exim run-time
> user.
Hi Phil,
If an existing exim instalation doesn't verify received DKIMs is it
still vulnerable ?


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Exim 4.80.1 security release - detailsRe: [exim] Exim 4.80.1 security release - details->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)