Bug#304174: exim4: Patch for 296492 introduced remotely exploitable infinite loop (DOS)
Andreas Metzler
Andreas Metzler <ametzler@downhill.at.eu.org>, 304174@bugs.debian.org
Mon, 11 Apr 2005 19:31:22 +0200
tags 304174 pending
# fixed in SVN
thanks
On 2005-04-11 Marc Sherman <msherman@projectile.ca> wrote:
> Package: exim4
> Version: 4.50-5
[...]
> The patch for 296492, which is currently in sid's 4.50-5, introduced an
> infinite loop which could be triggered by a remote site with
> (intentionally?) misconfigured DNS.
> It is discussed in:
> http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00062.html
[...]
This is already applied in SVN and there'll probably be an upload on
Wednesday, latest.
> I hope I've set the tags and severity for this bug correctly to indicate
> that it's an RC bug that should keep 4.50-5 out of sarge, but does not
> apply to 4.50-4 which is currently in sarge.
I think so.
FWIW there is actually no danger of 4.50-4 propagating to sarge
_automatically_; exim4 is frozen and can only go in if one of the
release managers kicks it. ;-)
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
http://downhill.aus.cc/