[Pkg-exim4-users] Please backport Certificate hostname verification fix

Thijs Kinkhorst thijs at debian.org
Mon Jun 22 11:03:15 UTC 2015


Hi Chuck,

On Sun, June 21, 2015 23:36, Chuck Peters wrote:
> Andreas Metzler pointed out a set of patches that fix this issue in Exim
> 4.86.  Will this fix be backported to stable, oldstable or oldoldstable?

Thanks for contacting the security team. As cve-assign indicated, we
believe the state of TLS for SMTP is not such that currently not
checking the hostname is an acute security problem that should be fixed
through DSAs.

Of course the Exim maintainers are free to investigate whether the stable
release manager is open to changing this behaviour in a point release.


Cheers,
Thijs


