Re: [exim] string expansion failure exim 4.80

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MUwe Rothmeier at <-
M 
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] string expansion failure exim 4.80
On 04/08/14 10:39, Uwe Rothmeier wrote:
> Any hint how to put that statement in 4.80? I am not so familiar with
> exim and do not want to compile from source.

It's not a compilation issue.

$domain is data supplied by a potential attacker.
Using it to form a filename without validating it
is dangerous.

If that coding is actually in Debian exim4-daemon-heavy
you should raise a bug with Debian.
Are you certain you're not using an earlier-version
config file?
--
Jeremy


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Inserting a TLS status header?[exim] exim 4.82 - callouts with smtp auth->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)