On 2017-11-25 Dominic Hargreaves <d...@earth.li> wrote:
> Package: exim4
> Version: 4.89-9
> Severity: grave
> Tags: security
> Justification: remote code execution

> ----- Forwarded message from Phil Pennock <p...@exim.org> -----
[...]
> With immediate effect, please apply this workaround: if you are running
> Exim 4.88 or newer (4.89 is current, 4.90 is upcoming) then in the main
> section of your Exim configuration, set:

>   chunking_advertise_hosts =
[...]
> ----- End forwarded message -----

Hello,

please note that Debian/stable is patched to set
chunking_advertise_hosts =
by default. Therefore stable users should not be affected unless they
have locally set chunking_advertise_hosts to a nonempty value.

Also there seem to be two separate issues
https://bugs.exim.org/show_bug.cgi?id=2199
and
https://bugs.exim.org/show_bug.cgi?id=2201

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
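
Added example (not part of the original message, and not Exim or Debian code): a check of whether an Exim configuration still advertises CHUNKING, following the workaround and the Debian/stable default described above. The sample configurations are constructed, the "*" default for unpatched builds is an assumption passed in by the caller, and macros and .include files are not resolved.

```python
import re

OPTION = "chunking_advertise_hosts"

# Constructed sample configurations (not taken from the original message).
SAMPLE_WORKAROUND = """\
primary_hostname = mail.example.org
# chunking_advertise_hosts = *
chunking_advertise_hosts =
begin acl
"""
SAMPLE_LOCAL_OVERRIDE = """\
chunking_advertise_hosts = 192.0.2.0/24 : \\
    198.51.100.7
begin acl
"""
SAMPLE_UNSET = "primary_hostname = mail.example.org\nbegin routers\n"


def logical_lines(config_text):
    """Yield main-section logical lines: comment lines skipped, trailing-backslash
    continuations joined, parsing stopped at the first 'begin <section>' line."""
    pending = ""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]          # drop the backslash, keep the text
            continue
        line, pending = pending + line, ""
        if re.match(r"begin\s+\w+", line):
            return                        # main section ends here
        yield line


def effective_value(config_text, builtin_default):
    """Return the value in effect: the config's setting, else the build's default."""
    value = builtin_default
    for line in logical_lines(config_text):
        m = re.match(r"(?:hide\s+)?%s\s*=\s*(.*)$" % OPTION, line)
        if m:
            value = m.group(1).strip()
    return value


def advertises_chunking(config_text, builtin_default):
    """True unless the host list is empty. Any nonempty list is treated as
    exposed, which is deliberately conservative."""
    return effective_value(config_text, builtin_default) != ""
```

On a live system the value actually in effect, with includes and macros resolved, can be read with exim -bP chunking_advertise_hosts.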