On Sun, Dec 12, 2010 at 02:20:39PM +0100, Thomas Krichel wrote:
> | For the testing distribution (squeeze) and the unstable distribution
> | (sid), this problem has been fixed in version 4.70-1.
>
> but here
>
> r...@wotan:~# aptitude show exim4 | grep ^Version
> Version: 4.72-2
>
> so nothing to do or did they get the version number wrong in the
> DSA?
The version number in the DSA is to the best of my knowledge correct. The
issue got fixed upstream in 4.70 without someone realizing that it is/was
exploitable. So it has already been fixed in testing and unstable for a
while.
You might want to read the corresponding thread on the exim mailinglist
if you dare for the details.
HTH
Sven
--
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
[ Streetlight Manifesto - Here's To Life ]
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
