Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MNiels Dettenbach at <-
MMHeiko Schlittermann at ->
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?
Cyborg via Exim-users <exim-users@???> wrote:
> Am 24.06.19 um 20:31 schrieb Andreas Metzler via Exim-users:
[...]
>> M OTOH does not match everything but is much to broad since it does
>> not match on the backslash at all. Also I do not see how "jeremy's
>> version will reject any x24 in any part of the message", it matches
>> the local_part not the message body.

> The problem is, as soon as Js rule was inserted into exim, it rejected
> messages with \x24 in the body.
[...]

FWIW I do not see the body rejection in a quick test. (Vanilla Debian
4.92-8).


cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Extra copies of list mail (was Re: CVE-2019-10149: already vulnerable ?)Re: [exim] CVE-2019-10149: already vulnerable ?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)