On 2012-10-26 at 10:48 +0200, Cyborg wrote: > I intensivly hope you have send this message to Redhat and co before > you got public here.
I intensely hope that you are subscribed to exim-announce, where the 4.80.1 announcement itself was sent, which explained that this is exactly what was happening on Thursday. This was a coordinated release, with the OS packagers having early access to the release tarballs, the fix patch, precise affected version numbers of Exim, etc. > What do you suggest as a workaround for people with installations from > distros ? The work-around in the announcement itself (as opposed to this "more details" thread). You'll note that there's a CVE identifier in the announcement. The Debian folk inform me that the Debian Security Advisory is numbered DSA-2566-1. The other OS packagers have not (yet) given me their numbers, and I haven't asked -- it's between them and their customers. Debian chose to share. :) -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
