Re: [exim] Exim 4.80.1 security release - details

Top Page
This message is part of the following thread:
M----\the complete thread tree sorted by date
M\...MPhil Pennock at <-
MM++\exim-users at ->
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Cyborg
CC: exim-users
Subject: Re: [exim] Exim 4.80.1 security release - details
On 2012-10-26 at 10:48 +0200, Cyborg wrote:
> I intensivly hope you have send this message to Redhat and co before
> you got public here.

I intensely hope that you are subscribed to exim-announce, where the
4.80.1 announcement itself was sent, which explained that this is
exactly what was happening on Thursday.

This was a coordinated release, with the OS packagers having early
access to the release tarballs, the fix patch, precise affected version
numbers of Exim, etc.

> What do you suggest as a workaround for people with installations from
> distros ?

The work-around in the announcement itself (as opposed to this "more
details" thread).

You'll note that there's a CVE identifier in the announcement.

The Debian folk inform me that the Debian Security Advisory is numbered
DSA-2566-1.

The other OS packagers have not (yet) given me their numbers, and I
haven't asked -- it's between them and their customers. Debian chose to
share. :)

-Phil

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim 4.80.1 security release - detailsRe: [exim] Exim 4.80.1 security release - details->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)