Bug#882648: exim4: remote code execution in chunking
Andreas Metzler
ametzler at bebt.de
Sat Nov 25 11:06:20 UTC 2017
On 2017-11-25 Salvatore Bonaccorso <carnil at debian.org> wrote:
> On Sat, Nov 25, 2017 at 11:34:56AM +0100, Andreas Metzler wrote:
[...]
>> please note that Debian/stable is patched to set
>> chunking_advertise_hosts =
>> by default. Therefore stable users should not be affected unless they
>> have locally set chunking_advertise_hosts to a nonempty value.
> Ack, let's leave the severity though to grave due to the immediate
> issue for unstable/experimental version.
[...]
Agreed. As a workaround I have just uploaded -10 to unstable with
urgency=critical, re-introducing the patch present in Debian/stable.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-exim4-maintainers
mailing list