[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: exim STARTTLS fix
From:       Michael Tokarev <mjt () tls ! msk ! ru>
Date:       2011-05-24 11:42:31
Message-ID: 4DDB99A7.9090108 () msgid ! tls ! msk ! ru
[Download RAW message or body]

24.05.2011 15:24, Josh Bressers wrote:
> ----- Original Message -----
>> Hi,
>>
>> while reviewing EXIM git for the last security issues, I also found the
>> STARTTLS fix:
>>
>> http://git.exim.org/exim.git/commitdiff/da80c2a8ed49427334af613c00df65ae301cacdd
>>
>> Is fixed with exim 4.76 apparently.
>>
> 
> That commit suggests it's not an issue, but rather some extra paranoid
> buffer wiping. Is there a reason to believe this is a problem?

Isn't it CVE-2011-0411 attack ?

/mjt
[prev in list] [next in list] [prev in thread] [next in thread]