Autor: Jeremy Harris Data: Para: exim-users Assunto: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
On 06/06/2019 12:24, Cyborg via Exim-users wrote: > As the Advisiory is a bit unspecific for a protection, shouldn't a check
> for "$" in
>
> deny message = Restricted characters in address
> domains = +local_domains
> local_parts = ^[.] : ^.*[\$@%!/|]
That would suffice. You'd want to do the equivalent in the non-smtp
ACL also, and I'd personally not restrict it to local domains.
> Is it possible/pausible that fedora build it with "DISABLE_EVENT" defined,
> so the vulnerable code is not in there?
>
> any way to check that ( did not find the show compile settings on the web ) ?