[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Heads-up: EXIM remote root exploit published

On Sun, Dec 12, 2010 at 02:20:39PM +0100, Thomas Krichel wrote:

> | For the testing distribution (squeeze) and the unstable distribution
> | (sid), this problem has been fixed in version 4.70-1.
> 
>   but here
> 
> root@wotan:~# aptitude show exim4 | grep ^Version
> Version: 4.72-2
> 
>   so nothing to do or did they get the version number wrong in the 
>   DSA?

The version number in the DSA is to the best of my knowledge correct. The
issue got fixed upstream in 4.70 without someone realizing that it is/was
exploitable. So it has already been fixed in testing and unstable for a
while.

You might want to read the corresponding thread on the exim mailinglist
if you dare for the details.

HTH
Sven
-- 
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
     [ Streetlight Manifesto - Here's To Life ]
Reply to: