Dňa 15. októbra 2023 16:17:32 UTC používateľ Heiko Schlittermann via Exim-users <exim-users@???> napísal:
>today we released 2 more fixes for the issues mentioned in the recent
>CVEs.
Nice job, thanks.
>- We fixed issues in the `dnsdb` lookup subsystem.
Please, can you now elaborate more about "trusted resolver"? I understand
that it is fixed now, and i removed all dnsdb lookups (to be sure), but i still
doesn't know if/how vulnerable my system was before issue was published
(and mitigated).
I did checks, but with false result i cannot know if i was secure (or i was
lucky) or i failed to indentify break in...
>- The remaining issue with `libspf2`, raised as CVE against Exim, can't
Please, can you confirm, that your libspf2 packages with applied patches
(as you published previously) solves that issue? The recent info which
i got was: nobody know...
For now i have disabled SPF checks in exim, and while it is not crucial
(for me), it is not optimal...
regards
--
Slavko
https://www.slavino.sk/
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
