
Exim related buffer overflow in stable



Since I haven't heard anything from the package maintainer
(mbaker@iee.org) regarding this email sent to him on the 2nd, I thought
I would throw this out here. Someone please point me in the right
direction if I'm putting this out on the wrong list.

My biggest concern is item number 1 in the list below, as the issue
noted appears to affect the revision of Exim in stable.

More info can also be found in this thread:
 http://www.exim.org/mailman/htdig/exim-users/Week-of-Mon-20010611/026952.html

Regards,
Gregg Berkholtz


----- Forwarded message -----

To: mbaker@iee.org
Date: Mon, 2 Jul 2001 21:11:33 -0700

Please forgive me if you have already heard about this. Should this be a
concern that necessitates a security update?

Regards,
Gregg Berkholtz

----- Forwarded message from Philip Hazel <ph10@cus.cam.ac.uk> -----

Exim 3.31 is now available:

ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim-3.31.tar.gz
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim-3.31.tar.bz2

32895393b49f5ac64fec7d3431b2b518  exim-3.31.tar.gz
d24350e5589e31aab80cda4dee15f9b4  exim-3.31.tar.bz2

This is a maintenance release that fixes two bugs. The code changes are
small and are also available in the following patch file:

ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim-patch-3.30-3.31.gz

The changes are:

1. An address longer than 256 bytes could cause Exim to crash. Change 38 for
3.30 limits local addresses to 512 bytes (the RFC limit is 64bytes@255bytes and
SMTP addresses have always been limited), so the relevant vector has been
increased to 512 bytes.

2. The return_path generic transport option was being ignored for MAIL FROM
lines in BSMTP output in the appendfile and pipe transports.


The second of these changes now holds the record for the fastest time from
my receiving a bug report to the fix appearing in a release - less than
3 hours.


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.


--
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##

----- End forwarded message -----
----- End forwarded message -----

-- 
/////////////       Gregg Berkholtz - Owner
|    G B    | Systems consulting, sales and support
| Computers |
\\\\\\\\\\\\\      INFO: www.gbcomputers.com
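
Item 1 of the forwarded announcement describes a length check and a buffer that disagreed (addresses accepted up to 512 bytes, vector smaller than that). The C sketch below is an added example, not part of the original message and not Exim's code: it sizes the buffer from the same constant the check uses and rejects oversize input before copying. The names `struct address`, `address_store` and the status values are hypothetical; the limits are the ones quoted in the announcement.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Limits quoted in the announcement: 512 bytes for a whole local address,
   and the RFC limits of 64 bytes (local part) and 255 bytes (domain). */
#define ADDR_MAX       512
#define LOCAL_PART_MAX 64
#define DOMAIN_MAX     255

enum addr_status { ADDR_OK, ADDR_TOO_LONG, ADDR_MALFORMED, ADDR_PART_TOO_LONG };

/* Hypothetical holder (not an Exim structure). The buffer is sized from the
   same constant the length check uses, so the two cannot drift apart. */
struct address {
    char   text[ADDR_MAX + 1];
    size_t local_len;
    size_t domain_len;
};

/* Store in[0..in_len) in out only after every length check has passed. */
enum addr_status address_store(struct address *out, const char *in, size_t in_len)
{
    size_t at = in_len;                      /* index of the last '@' */

    if (in_len > ADDR_MAX)
        return ADDR_TOO_LONG;                /* reject before any copy */
    for (size_t i = 0; i < in_len; i++)
        if (in[i] == '@')
            at = i;
    if (at == in_len || at == 0 || at + 1 == in_len)
        return ADDR_MALFORMED;               /* no '@', or an empty side */
    if (at > LOCAL_PART_MAX || in_len - at - 1 > DOMAIN_MAX)
        return ADDR_PART_TOO_LONG;

    memcpy(out->text, in, in_len);           /* in_len <= ADDR_MAX here */
    out->text[in_len] = '\0';
    out->local_len  = at;
    out->domain_len = in_len - at - 1;
    return ADDR_OK;
}

int main(void)
{
    char big[300];                           /* constructed: 64 + '@' + 235 bytes */
    struct address a;

    memset(big, 'a', sizeof big);
    big[64] = '@';
    printf("300-byte address: status %d\n", address_store(&a, big, sizeof big));
    return 0;
}
```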


