AAaargh. Who reimplements sprintf!? I am working on hardy and dapper now. Will have this uploaded shortly. Thanks for double-checking and getting the Lucid and Oneiric patches ready!
At least full ASLR (PIE[1]) is in place in Lucid and later, so exploiting this is difficult, but not impossible. [1] https://wiki.ubuntu.com/Security/Features#pie -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to exim4 in Ubuntu. https://bugs.launchpad.net/bugs/779391 Title: CVE-2011-1764: format string vulnerability -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
