Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable

Pàgina inicial
Delete this message
Reply to this message
Autor: Cyborg
Data:  
A: exim-users
Assumpte: Re: [exim] CVE-2019-10149: 4.87 to 4.91 are vulnerable
Am 06.06.19 um 14:25 schrieb Spencer Marshall via Exim-users:
> why is this only being applied to +local_domains? why not everything?
>  deny    message       = Restricted characters in address
>                local_parts   = ^[.] : ^.*[\$@%!/|]

>
>


Because there are two Restricted Char rules, one for your domain, and
for other domains
and the Regex match differs a bit.

YOU can shrink that down if you like. Honestly, i wondered myself why
there a two rules,
but adding to it to two rules isn't that much more work, so i left it as
it was. (2 rules patched,1 added for exploit#2 )

Best regards,
Marius