On Fri, May 28, 2010 17:28, Nigel Metheringham wrote:
> I have just uploaded a 4.72 RC test release to exim.org
>
> Changelog is embedded, and also at
>
> http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?revision=1.608&view=markup&pathrev=exim-4_72_RC1

Is exim only going to be updated with new features added by maintainers, and minor security issues?

There are two uninitialised data bugs in the DKIM code that really should be fixed in a 4.72 release.

http://bugs.exim.org/show_bug.cgi?id=985
pdkim.c may use a string that isn't null terminated

http://bugs.exim.org/show_bug.cgi?id=986
pkdim sign_headers value may not be initialised

And this regression in dnsbl's behaviour caused by the initial DKIM merge:

http://bugs.exim.org/show_bug.cgi?id=967
DKIM-mandated undocumented behaviour change

This release appears to be getting rushed through just because it fixes an issue that has a CVE number.

--
Simon Arlott

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
