On Fri, Oct 26, 2012 at 05:03:20AM -0400, Phil Pennock wrote: > On 2012-10-26 at 10:48 +0200, Cyborg wrote: > > I intensivly hope you have send this message to Redhat and co before > > you got public here. > > You'll note that there's a CVE identifier in the announcement. > > The other OS packagers have not (yet) given me their numbers, and I > haven't asked -- it's between them and their customers. Debian chose to > share. :)
Per Red Hat (https://access.redhat.com/security/cve/CVE-2012-5671): Not Vulnerable. This issue does not affect the version of exim as shipped with Red Hat Enterprise Linux 5. This is true; RHEL 5 ships with exim 4.63. RHEL 6 does not ship with exim; exim 4.72 is in the EPEL (Extra Packages for Enterprise Linux) repository provided by the Fedora Project. Jim Trigg (not directly affiliated with Red Hat) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
