
List:       debian-security
Subject:    Re: Heads-up: EXIM remote root exploit published
From:       Sven Hoexter <sven () timegate ! de>
Date:       2010-12-12 14:15:11
Message-ID: 20101212141511.GA8111 () marvin ! lan

On Sun, Dec 12, 2010 at 02:20:39PM +0100, Thomas Krichel wrote:

> | For the testing distribution (squeeze) and the unstable distribution
> | (sid), this problem has been fixed in version 4.70-1.
> 
>   but here
> 
> root@wotan:~# aptitude show exim4 | grep ^Version
> Version: 4.72-2
> 
>   so nothing to do or did they get the version number wrong in the 
>   DSA?

The version number in the DSA is, to the best of my knowledge, correct. The
issue got fixed upstream in 4.70 without anyone realizing that it is/was
exploitable. So it has already been fixed in testing and unstable for a
while.

You might want to read the corresponding thread on the exim mailing list
for the details, if you dare.

HTH
Sven
-- 
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
     [ Streetlight Manifesto - Here's To Life ]

