On 2012-10-26 at 10:48 +0200, Cyborg wrote:
> I intensively hope you have sent this message to Redhat and co before
> you got public here.
I intensely hope that you are subscribed to exim-announce, where the
4.80.1 announcement itself was sent, which explained that this is
exactly what was happening on Thursday.
This was a coordinated release, with the OS packagers having early
access to the release tarballs, the fix patch, precise affected version
numbers of Exim, etc.
> What do you suggest as a workaround for people with installations from
> distros?
The work-around in the announcement itself (as opposed to this "more
details" thread).
You'll note that there's a CVE identifier in the announcement.
The Debian folk inform me that the Debian Security Advisory is numbered
DSA-2566-1.
The other OS packagers have not (yet) given me their numbers, and I
haven't asked -- it's between them and their customers. Debian chose to
share. :)