Re: Why Linux, Why Debian
On Sat, 2004-02-14 at 22:03, Wouter Verhelst wrote:
> On Sat, Feb 14, 2004 at 08:37:36PM +0000, Andrew Suffield wrote:
> > On Sat, Feb 14, 2004 at 08:48:44PM +0100, Javier Fernández-Sanguino Peña wrote:
[...]
> > > Ok, let me see, in woody:
> > >
> > > 1) exim listens to all remote ports, is installed as the default MTA and
> > > run by inetd
> >
> > Can't remember any remote root holes in exim.
>
> Then your memory is playing with you. There have been two security
> advisories since the woody release on exim; DSA-097 (Uncontrolled
> program execution)

Erm... DSA-097 is dated 3 January 2002, which was about 6.5 months
*before* Woody was released. Indeed, the DSA says `This problem has been
fixed in Exim version 3.12-10.2 for the stable distribution Debian
GNU/Linux 2.2 and 3.33-1.1 for the testing and unstable distribution.' -
Woody was released with 3.35, so the issue was fixed by then.

> and DSA-376 (buffer overflow; but at the time of the
> DSA, the thing was not believed to be exploitable).

TTOBMK (and I'm sure it would have made exim-users if the situation had
changed) that is still the case. Phil Hazel quite sensibly believed that
it should be fixed regardless.

Adam