Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

Top Page
This message is part of the following thread:
M--\the complete thread tree sorted by date
M-\MCyborg at <-
M\MMJeremy Harris at ->
Delete this message
Reply to this message
Author: Ian Zimmerman
Date:  
To: exim-users
Subject: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
On 2019-06-23 23:52, Cyborg wrote:

> Anyone who used this restricted chars patch:
>
>   deny    message       = Restricted characters in address
>           domains       = +local_domains
>           local_parts   = ^[.] : ^.*[\$@%!/|]
>
> should update to this ruleset :
>
>   deny    message       = Restricted characters in address
>           domains       = +local_domains
>           local_parts   = ^[.] : ^.*[\$@%!/|] : ^.*x24 : ^.*0.44
>
> as there is a unexpected problem with jeremy's version, which will
> reject any x24 in any part of the message.

I just want to prohibit any backslashes in local parts. I know this is
totally safe to do im my case. So what it the appropriate number of
backslashes to put in the regexp? Will this work:

deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[\$@%!/\\|]

?

Btw I run 4.92, so this is just overabundance of caution on my part.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Auto-bcc certain outgoing mail?Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)