Re: [exim] tainted data issues

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Victor Ustugov
Datum:  
To: Heiko Schlittermann via Exim-users
Betreff: Re: [exim] tainted data issues
Heiko Schlittermann via Exim-users wrote on 05.05.2021 19:11:

> In case you didn't notice. We've added a new but already deprecated main
> config option:
>
>         allow_insecure_tainted_data = yes

>
> For this option you need to get exim-4.94.2+fixes. This option isn't
> part of 4.94.2!


Did you mean

git clone --branch exim-4.94.2+fixes https://github.com/Exim/exim.git

?


I see neither allow_insecure_tainted_data nor
ALLOW_INSECURE_TAINTED_DATA in the exim/ directory.




> This option allowes you to turn the taint errors into warnings and is
> provided to help you in reworking your config into a more secure one.
> Future Exim release (not sure about "future" though) will ignore this
> option.
>
> Debian 11 includes this patch already. Exim 4.95 will kind of offically
> suppport this option too. But, as said above, it is deprecated already
> today.
>
>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko Schlittermann

>
>



-- 
Best wishes
Victor Ustugov        mailto:victor@corvax.kiev.ua
Skype ID: corvax_nb   JID: victor@???
public GnuPG/PGP key: https://victor.corvax.kiev.ua/corvax.asc