Hi, I'm running an appliance which includes an Exim MTA and now I'm wondering,
if I should be worried because of the RCE with CVSS 9.8 described at the Zero
Day Initiative homepage here:
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
Apparently this has been reported first in 2022, b
On Fri, 29 Sep 2023, Some Guy via Exim-users wrote:
Hi, I'm running an appliance which includes an Exim MTA and now I'm
wondering, if I should be worried because of the RCE with CVSS 9.8
described at the Zero Day Initiative homepage here:
https://www.zerodayinitiative.com/advisories/ZDI-23-1469
> https://seclists.org/oss-sec/2023/q3/254
i tried putting that in my exim config and it threw errors
Others have excuses, I have my reasons why...
-- Nickel Creek in "Reasons Why"
randy
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists
On Sat, 30 Sep 2023, Randy Bush via Exim-users wrote:
https://seclists.org/oss-sec/2023/q3/254
i tried putting that in my exim config and it threw errors
:-) I am not surprised.
I've seen some second hand reports (eg on the mailop list,
which 1) has a closed archive, and 2) seems unreachabl
The Debian Bug Tracker has some hints:
https://security-tracker.debian.org/tracker/source-package/exim4
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-user
On 30/09/2023 20:07, Andrew C Aitchison via Exim-users wrote:
the fixes so far will be included when that is released
Correct. We're allowing enough time for distros to prepare patches
for whatever distributed versions they support, and have told them
of the timeline.
--
Cheers,
Jeremy
--
