On Fri, 2010-12-10 at 11:03 -0800, Brent Jones wrote: > I believe Redhat ships a 4.6x version of Exim. I have a support > contract with them if anyone believes it may be helpful to alert them > about this issue and for them to distribute patched versions to Redhat > customers.
Red Hat (with a space and a capital H) are aware and working on a fixed package. They also helped with reproducing and diagnosing the exploit. https://bugzilla.redhat.com/show_bug.cgi?id=661756 for CVE-2010-4344 https://bugzilla.redhat.com/show_bug.cgi?id=662012 for CVE-2010-4345 Fedora has Exim 4.72 and thus isn't affected. -- dwmw2 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
