On Sunday 30 January 2011, Dario Ernst wrote: > If i am not using -D or -C anywhere in my exim setup (e.g. using > the debian default initscripts and have not added any of those > options in /etc/default/exim4) and installed the update ... am i > okay to go with that? > > Sorry for asking those stupid questions, but the instructions are a > little ambiguous there...
Yes, that's what I meant with "The Debian default configuration is not affected by the changes". How would you have worded it to be less ambigous? > On Sun, Jan 30, 2011 at 10:41:58AM +0000, Stefan Fritsch wrote: > > A design flaw (CVE-2010-4345) in exim4 allowed the loal > > Debian-exim user to obtain root privileges by specifying an > > alternate configuration file using the -C option or by using the > > macro override facility (-D option). > > .... > > > > The Debian default configuration is not affected by the changes. Cheers, Stefan -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201101302042.26564...@sfritsch.de
