[exim] Re: Exim Zero Day?

Top Page
Delete this message
Reply to this message
Author: Christof Meerwald
Date:  
To: Andreas Metzler via Exim-users
Subject: [exim] Re: Exim Zero Day?
On Mon, 2 Oct 2023 18:11:49 +0200, Andreas Metzler via Exim-users wrote:
> On 2023-10-02 Christof Meerwald via Exim-users <exim-users@???> wrote:
>> On Sun, 01 Oct 2023 20:35:48 +0000, Slavko via Exim-users wrote:
>> > Dňa 1. októbra 2023 20:07:45 UTC používateľ Christof Meerwald via Exim-users <exim-users@???> napísal:
>> >>This was only officially confirmed today (which is very unfortunate),
>> >
>> > That is true only in this ML, othervise it was confirmed in Friday:
>> >
>> >     https://www.openwall.com/lists/oss-security/2023/09/29/5
>
>> Not seeing anything that CVE-2023-42115 only affects "AUTH EXTERNAL"
>> here...
>
> I am failing to find out where this was claimed to be the case?


https://www.mail-archive.com/exim-users@lists.exim.org/msg00529.html
seemed to imply that users should have been aware of the details when
they had to make decisions about stopping exim4:

  "Please why?
  
  + do you use AUTH (NTLM/EXTERNAL) on port 25?"

So I was asking if these details were indeed available somewhere
before Sunday evening.


Christof

-- 

https://cmeerw.org                             sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org                   xmpp:cmeerw at cmeerw.org


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/