Re: [exim] Sieve filters broken due to tainted expansions?

Top Page

Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Sieve filters broken due to tainted expansions?
On 07/01/2020 20:20, Michael Haardt via Exim-users wrote:
> I did
> not really follow the list recently, so I missed the introduction of
> "tainted" expansions,


To follow up on that point:

ChangeLog, 4.93 :-

JH/32
Introduce a general tainting mechanism for values read from the input
channel, and values derived from them. Refuse to expand any tainted
values, to catch one form of exploit.
--
Cheers,
Jeremy