On Fri, Oct 26, 2012 at 05:03:20AM -0400, Phil Pennock wrote:
> On 2012-10-26 at 10:48 +0200, Cyborg wrote:
> > I intensivly hope you have send this message to Redhat and co before
> > you got public here.
>
> You'll note that there's a CVE identifier in the announcement.
>
> The other OS packagers have not (yet) given me their numbers, and I
> haven't asked -- it's between them and their customers. Debian chose to
> share. :)
Per Red Hat (
https://access.redhat.com/security/cve/CVE-2012-5671):
Not Vulnerable. This issue does not affect the version of exim as
shipped with Red Hat Enterprise Linux 5.
This is true; RHEL 5 ships with exim 4.63. RHEL 6 does not ship with
exim; exim 4.72 is in the EPEL (Extra Packages for Enterprise Linux)
repository provided by the Fedora Project.
Jim Trigg (not directly affiliated with Red Hat)