Please update Exim on savannah ASAP with the included patch for Exim 4.20. Mathieu installed the original version of Exim 4.20, but I'm unable to find the Debian source build package on savannah. The exim package is set to a status of hold, and it's obviously a custom install.
If you'd like for me to install the standard Exim 4 Debian packages that we use on the rest of the GNU systems, I can do this. With any luck, it won't break the exim setup on savannah. If I don't hear back by 5PM Eastern, I'll install the Exim 4 packages that I have. Please also do not upgrade to Exim 4.21, which has a number of bugs -- Exim 4.22 will be released next week.
--- Begin Message ---A minor security problem has been found in Exim 3 and 4 (many thanks to Nick Cleaton). The bug is not thought to be exploitable, but one can never be absolutely certain. The bug is fixed in Exim 4.21, which I have just released. Patches for Exim 4.20 and Exim 3.36 are below. For other releases, these patches may also work, or can be trivially adapted if the patch program has problems with the line numbers. The actual code in question has hardly changed for many years. Philip -- Philip Hazel University of Cambridge Computing Service, [EMAIL PROTECTED] Cambridge, England. Phone: +44 1223 334714. ----------------- Patch for Exim 4.20 ----------------- *** exim-4.20/src/smtp_in.c Mon May 12 14:39:22 2003 --- smtp_in.c Wed Aug 13 14:26:01 2003 *************** *** 1967,1978 **** if (!check_helo(smtp_data)) { - uschar *s; smtp_printf("501 Syntactically invalid %s argument(s)\r\n", hello); - if (*smtp_data == 0) Ustrcpy(smtp_data, "(no argument given)"); - s = string_printing(smtp_data); log_write(0, LOG_MAIN|LOG_REJECT, "rejected %s from %s: syntactically " ! "invalid argument(s): %s", hello, host_and_ident(FALSE), s); break; } --- 1967,1977 ---- if (!check_helo(smtp_data)) { smtp_printf("501 Syntactically invalid %s argument(s)\r\n", hello); log_write(0, LOG_MAIN|LOG_REJECT, "rejected %s from %s: syntactically " ! "invalid argument(s): %s", hello, host_and_ident(FALSE), ! (*smtp_data == 0)? US"(no argument given)" : ! string_printing(smtp_data)); break; } ---------------------------------------------------------------- ----------------- Patch for Exim 3.36 ----------------- *** exim-3.36/src/smtp_in.c Thu Apr 4 13:56:20 2002 --- smtp_in.c Thu Aug 14 09:09:33 2003 *************** *** 2021,2033 **** if (!check_helo(smtp_data)) { ! char *s; ! smtp_printf("501 syntactically invalid %s argument(s)\r\n", hello); ! if (*smtp_data == 0) strcpy(smtp_data, "(no argument given)"); ! s = string_printing(smtp_data); log_write(0, LOG_MAIN|LOG_REJECT, "rejected %s from %s: syntactically " "invalid argument(s): %s", hello, ! (sender_fullhost == NULL)? "local process" : sender_fullhost, s); break; } --- 2021,2032 ---- if (!check_helo(smtp_data)) { ! smtp_printf("501 Syntactically invalid %s argument(s)\r\n", hello); log_write(0, LOG_MAIN|LOG_REJECT, "rejected %s from %s: syntactically " "invalid argument(s): %s", hello, ! (sender_fullhost == NULL)? "local process" : sender_fullhost, ! (*smtp_data == 0)? "(no argument given)" : ! string_printing(smtp_data)); break; } ---------------------------------------------------------------- -- ## List details at http://www.exim.org/mailman/listinfo/exim-announce Exim details at http://www.exim.org/ ##
--- End Message ---
_______________________________________________ Savannah-hackers mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/savannah-hackers
