[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-security
Subject: Re: Heads-up: EXIM remote root exploit published
From: Sven Hoexter <sven () timegate ! de>
Date: 2010-12-12 14:15:11
Message-ID: 20101212141511.GA8111 () marvin ! lan
[Download RAW message or body]
On Sun, Dec 12, 2010 at 02:20:39PM +0100, Thomas Krichel wrote:
> | For the testing distribution (squeeze) and the unstable distribution
> | (sid), this problem has been fixed in version 4.70-1.
>
> but here
>
> root@wotan:~# aptitude show exim4 | grep ^Version
> Version: 4.72-2
>
> so nothing to do or did they get the version number wrong in the
> DSA?
The version number in the DSA is to the best of my knowledge correct. The
issue got fixed upstream in 4.70 without someone realizing that it is/was
exploitable. So it has already been fixed in testing and unstable for a
while.
You might want to read the corresponding thread on the exim mailinglist
if you dare for the details.
HTH
Sven
--
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
[ Streetlight Manifesto - Here's To Life ]
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20101212141511.GA8111@marvin.lan
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic