On Sat, 30 Sep 2023, Carsten Schiefner via mailop wrote:
Hi Simon,
On 30.09.2023 10:18, Simon Arlott via mailop wrote:
On 30/09/2023 08:50, Andrew C Aitchison via mailop wrote:
I see that there is an Exim release candidate out on test at the moment
https://lists.exim.org/lurker/message/20230926.174111.cb403675.en.html
but know nothing about whether it fixes any of these vulnerabilities.
It doesn't fix the vulnerabilities. The fixes are being withheld until
the release of 4.97 and only cover the 50% of the reported
vulnerabilities (those that affect the SPA authenticator).
thanks - that clarifies it with a bit of a time perspective.
But would you happen to have any more details wrt. the withholding and the
50%?
https://seclists.org/oss-sec/2023/q3/254
"The remaining issues are debatable or miss information we need to fix them."
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
