Debian and Exim's Security Patch Timeline

Rieker Flaik rieker_flaik at arcor.de
Sat Sep 30 10:21:30 BST 2023


Hello,

regarding the current CVEs associated with Exim:

https://www.openwall.com/lists/oss-security/2023/09/29/10

*Wow*, I'm genuinely surprised: All parties (ZDI, exim) had over a year
to address the issues, yet nothing has been done up to this point (at
least still no fix in DebianSecurity).

Is ZDI not providing useful info?

Is Exim overwhelmed?

Is Exim facing some lack of funding?

What exactly is the underlying problem here, and more importantly how
to prevent it in the future?

It's vital that all parties unite for user safety and the freedom it
ensures.

Considering the circumstances, should Debian maybe contemplate
switching to netqmail or another MTA that's potentially more secure
than Exim4?



More information about the Pkg-exim4-users mailing list