Re: [exim] CVE-2019-15846 ..Exim Vulnerability

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jasen Betts
Data:  
Para: exim-users
Assunto: Re: [exim] CVE-2019-15846 ..Exim Vulnerability
On 2019-09-12, Richard Jones via Exim-users <exim-users@???> wrote:
> On Sep 12, Heiko Schlittermann via Exim-users wrote
>> If you're out of luck, either upgrade your Debian system to a recent
>> one, or prepare to compile Exim on your own. (This is not as hard as it
>> seems, but you have to care about further updates manually).
>
> I don't suppose anyone has magical instructions on how to do this for
> exim4-daemon-heavy?
>


grab the exim sources from a recent debian and install build-deps
and try to compile... all the exim-* packages in debian come from a
single source package.

I was unsuccessful building exim 4.80 on Jessie (debian 8) earlier
this year. so that building on Wheezy may require significant effort
(like building other libraries from source to support this exim)

it's probably easier to install the wheezy exim4 source package, patch
it manually, (it's a one line patch) and rebuild.


workflow something like this, (* represents a version number):

sudo apt-get build-dep exim4
apt-get source exim4
cd exim4*
vi src/strings.c # make the edit
fakeroot debian/rules binary # build takes several minutes.
sudo dpkg -i ../exim4-daemon-heavy*.deb



--
When I tried casting out nines I made a hash of it.