Re: [exim] Exim 4.80.1 security release - details

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: Cyborg
CC: exim-users
Betreff: Re: [exim] Exim 4.80.1 security release - details
On 2012-10-26 at 10:48 +0200, Cyborg wrote:
> I intensivly hope you have send this message to Redhat and co before
> you got public here.


I intensely hope that you are subscribed to exim-announce, where the
4.80.1 announcement itself was sent, which explained that this is
exactly what was happening on Thursday.

This was a coordinated release, with the OS packagers having early
access to the release tarballs, the fix patch, precise affected version
numbers of Exim, etc.

> What do you suggest as a workaround for people with installations from
> distros ?


The work-around in the announcement itself (as opposed to this "more
details" thread).

You'll note that there's a CVE identifier in the announcement.

The Debian folk inform me that the Debian Security Advisory is numbered
DSA-2566-1.

The other OS packagers have not (yet) given me their numbers, and I
haven't asked -- it's between them and their customers. Debian chose to
share. :)

-Phil