Dňa 15. októbra 2023 16:17:32 UTC používateľ Heiko Schlittermann via Exim-users <exim-users@lists.exim.org> napísal:
>today we released 2 more fixes for the issues mentioned in the recent >CVEs. Nice job, thanks. >- We fixed issues in the `dnsdb` lookup subsystem. Please, can you now elaborate more about "trusted resolver"? I understand that it is fixed now, and i removed all dnsdb lookups (to be sure), but i still doesn't know if/how vulnerable my system was before issue was published (and mitigated). I did checks, but with false result i cannot know if i was secure (or i was lucky) or i failed to indentify break in... >- The remaining issue with `libspf2`, raised as CVE against Exim, can't Please, can you confirm, that your libspf2 packages with applied patches (as you published previously) solves that issue? The recent info which i got was: nobody know... For now i have disabled SPF checks in exim, and while it is not crucial (for me), it is not optimal... regards -- Slavko https://www.slavino.sk/ -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
