Re: [exim] tainted data issues

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Victor Ustugov
Datum:  
To: Heiko Schlittermann via Exim-users
Betreff: Re: [exim] tainted data issues
Heiko Schlittermann via Exim-users wrote on 05.05.2021 23:48:
> Victor Ustugov via Exim-users <exim-users@???> (Mi 05 Mai 2021 22:29:32 CEST):
>>>> git clone --branch exim-4.94.2+fixes https://github.com/Exim/exim.git
>>>
>>> Sorry my fault, far too many branches, merges, and tags during the
>>> recent days. Branch is exim-4.94.2+taintwarn, which includes the +fixes
>>> and the taintwarn feature.
>>
>> Thank you.
>>
>> As far as I can see, the exim-4.94.2+taintwarn branch includes the code
>> from the exim-4.94.2+fixes branch, doesn't it?
>
> Exactly. It does include all the stuff in exim-4.94.2+fixes. Please be
> aware, the taintwarn feature is only for mitigation. It will be ignored
> in one of the future versions.


I personally don't need an option allow_insecure_tainted_data.

I'm just testing the building of exim 4.94.2 packages for FreeBSD,
CentOS and Ubuntu with different combinations of patches (for file
parameter in sqlite lookup, exim-4.94.2+fixes, taintwarn code from
exim-4.94.2+taintwarn and from Debian patches).


-- 
Best wishes
Victor Ustugov        mailto:victor@corvax.kiev.ua
Skype ID: corvax_nb   JID: victor@???
public GnuPG/PGP key: https://victor.corvax.kiev.ua/corvax.asc