[Bug 1384232] Re: Certificate hostname verification fix

2015-06-22 Thread Robie Basak
I just looked into this, prompted by Chuck Peters on the ubuntu-server list. It seems to me that this is a security-related feature made upstream in a newer release of exim4. To use it, every individual sysadmin would need to manually configure the tls_verify_cert_hostnames setting to a list of ho

[Bug 1384232] Re: Certificate hostname verification fix

2015-06-20 Thread Andreas Metzler
This seems to be enabled by default in 4.86RC. http://git.exim.org/exim.git/commit/01a4a5c5cbaa40ca618d3e233991ce183b551477 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/1384232 Title

[Bug 1384232] Re: Certificate hostname verification fix

2014-10-28 Thread Roca
** Changed in: exim4 (Ubuntu) Status: New => Confirmed

[Bug 1384232] Re: Certificate hostname verification fix

2014-10-22 Thread Roca
We sent email to cve-ass...@mitre.org and got the following response, but we don't agree that this is intentionally made.

This patch appears to be outside the scope of CVE. For issues of this type, the scope of CVE is limited to unintentional implementation mistakes. Here, the vendor intentio

[Bug 1384232] Re: Certificate hostname verification fix

2014-10-22 Thread Seth Arnold
Do you know if a CVE has been assigned for this issue? Thanks ** Information type changed from Private Security to Public Security