Hello, as i was affected by the recent exim exploit i may be a bit paranoid here, but i have general question on this update. If i am not using -D or -C anywhere in my exim setup (e.g. using the debian default initscripts and have not added any of those options in /etc/default/exim4) and installed the update ... am i okay to go with that? Sorry for asking those stupid questions, but the instructions are a little ambiguous there... Kind Regards, - Dario Ernst On Sun, Jan 30, 2011 at 10:41:58AM +0000, Stefan Fritsch wrote: > A design flaw (CVE-2010-4345) in exim4 allowed the loal Debian-exim > user to obtain root privileges by specifying an alternate > configuration file using the -C option or by using the macro override > facility (-D option). > .... > The Debian default configuration is not affected by the changes.
Attachment:
signature.asc
Description: Digital signature