Re: Heads-up: EXIM remote root exploit published
On Sun, Dec 12, 2010 at 02:20:39PM +0100, Thomas Krichel wrote:
> | For the testing distribution (squeeze) and the unstable distribution
> | (sid), this problem has been fixed in version 4.70-1.
>
> but here
>
> root@wotan:~# aptitude show exim4 | grep ^Version
> Version: 4.72-2
>
> so nothing to do or did they get the version number wrong in the
> DSA?
The version number in the DSA is to the best of my knowledge correct. The
issue got fixed upstream in 4.70 without someone realizing that it is/was
exploitable. So it has already been fixed in testing and unstable for a
while.
You might want to read the corresponding thread on the exim mailinglist
if you dare for the details.
HTH
Sven
--
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
[ Streetlight Manifesto - Here's To Life ]
Reply to: