[exim] Re: New Exim Security Release 4.96.2

2023-10-15 Thread Kurt Jaeger via Exim-users
Hi! > Thus, IMO when these particular patches are confirmed, > they will supply an update. The question is, who will confirm that, That's the key problem. I contacted the libspf2 developer and he committed the fix from issue 44. But neither he nor the person who submitted the patch has enough in

[exim] Re: New Exim Security Release 4.96.2

2023-10-15 Thread Slavko via Exim-users
On 15 October 2023 18:37:54 UTC, user Andrew C Aitchison via Exim-users wrote: >Sadly no. Ubuntu 23-10/mantic (released last week) still has: >Debian is similar. I contacted Debian's security team about a week ago with this. The response was (at that time), that it is unknown if this pat

[exim] Re: New Exim Security Release 4.96.2

2023-10-15 Thread Andrew C Aitchison via Exim-users
On Sun, 15 Oct 2023, Cyborg via Exim-users wrote: On 15.10.23 at 18:17, Heiko Schlittermann via Exim-users wrote: - The remaining issue with `libspf2`, raised as CVE against Exim, can't be addressed by us, as it seems to happen inside the library's code. Library fixes are available. Hi

[exim] Re: New Exim Security Release 4.96.2

2023-10-15 Thread Slavko via Exim-users
On 15 October 2023 17:07:00 UTC, user Jeremy Harris via Exim-users wrote: >A resolver that you trust to only send properly-structured DNS responses >towards you. As opposed to crafted responses with internally-inconsistent >data, which the resolver access library functions (at least in

[exim] Re: New Exim Security Release 4.96.2

2023-10-15 Thread Cyborg via Exim-users
On 15.10.23 at 18:17, Heiko Schlittermann via Exim-users wrote: - The remaining issue with `libspf2`, raised as CVE against Exim, can't be addressed by us, as it seems to happen inside the library's code. Library fixes are available. Hi, AFAIK that has already been addressed (at least fo

[exim] Re: New Exim Security Release 4.96.2

2023-10-15 Thread Jeremy Harris via Exim-users
On 15/10/2023 17:50, Slavko via Exim-users wrote: Please, can you now elaborate more about "trusted resolver"? A resolver that you trust to only send properly-structured DNS responses towards you. As opposed to crafted responses with internally-inconsistent data, which the resolver access libra

[exim] Re: New Exim Security Release 4.96.2

2023-10-15 Thread Slavko via Exim-users
On 15 October 2023 16:17:32 UTC, user Heiko Schlittermann via Exim-users wrote: >today we released 2 more fixes for the issues mentioned in the recent >CVEs. Nice job, thanks. >- We fixed issues in the `dnsdb` lookup subsystem. Please, can you now elaborate more about "trusted resolv

[exim] New Exim Security Release 4.96.2

2023-10-15 Thread Heiko Schlittermann via Exim-users
Dear Exim Users, today we released 2 more fixes for the issues mentioned in the recent CVEs. The current latest official release is now: exim-4.96.2 - We fixed issues with the proxy protocol. - We fixed issues in the `dnsdb` lookup subsystem. - The remaining issue with `libspf2`, raised as CVE a