[exim] Re: New Exim Security Release 4.96.2

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Slavko
Date:  
À: exim-users
Sujet: [exim] Re: New Exim Security Release 4.96.2
Dňa 15. októbra 2023 16:17:32 UTC používateľ Heiko Schlittermann via Exim-users <exim-users@???> napísal:

>today we released 2 more fixes for the issues mentioned in the recent
>CVEs.


Nice job, thanks.

>- We fixed issues in the `dnsdb` lookup subsystem.


Please, can you now elaborate more about "trusted resolver"? I understand
that it is fixed now, and i removed all dnsdb lookups (to be sure), but i still
doesn't know if/how vulnerable my system was before issue was published
(and mitigated).

I did checks, but with false result i cannot know if i was secure (or i was
lucky) or i failed to indentify break in...

>- The remaining issue with `libspf2`, raised as CVE against Exim, can't


Please, can you confirm, that your libspf2 packages with applied patches
(as you published previously) solves that issue? The recent info which
i got was: nobody know...

For now i have disabled SPF checks in exim, and while it is not crucial
(for me), it is not optimal...

regards


--
Slavko
https://www.slavino.sk/

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/