On Sun, May 14, 2017 at 10:20:24AM +0000, Holger Levsen wrote:
> On Sun, May 14, 2017 at 12:09:59PM +0200, Wolfgang Schweer wrote:
> > There's another issue: the Kerberos / GSSAPI environment is broken due
> > to a security fix for exim4 (March 2016). Both mentioned issues affect
> > Jessie as well.
>
> ouch.
>
> OTOH, I guess this means we don't have many jessie users using our mail setup
> as it is out of the box.

I just looked it up: Wheezy is affected by the CVE fix as well (exim4
4.80-7+deb7u4, wheezy-security) but no one reported problems…

> that said, I still think we should fix jessie asap.

Yes. And IMO we should ship a NEWS file containing information about the
changes and how to cope with them. I believe we should do this each time
d-e-c is upgraded for STABLE and OLDSTABLE.

Wolfgang