Todd Lyons wrote, on 28/05/14 14:25:
> This issue is known by the CVE ID of CVE-2014-2957, was reported
> directly to the Exim development team by a company which uses Exim for
> its mail server. An Exim developer constructed a small patch which
> altered the way the contents of the From header is parsed by converting
> it to use safer and better internal functions. It was applied and
> tested on a production server for correctness. We were notified of the
> vulnerability Friday night, created a patch on Saturday, applied and
> tested it on Sunday, notified OS packagers on Monday/Tuesday, and are
> releasing on the next available work day, which is Wednesday.
Reading the diff... besides the improved coding, was this the same issue also
fixed by
http://bugs.exim.org/show_bug.cgi?id=1433 ?
The CVE number is not accessible yet.
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> |
http://www.blafasel.at/
Vienna University Computer Center | Austria
