Niels Dettenbach via Exim-users <[email protected]> (Di 11 Jun 2019 19:58:14 CEST): > The "initial official" date for patch releases was "officially set" by Exim > project / security list onto the 11.06.2019 (today) - so possibly some "less > aware" (LTS) distributors will use that date ("in respect for the project") > for their release...
The distros got the "original", and updated info on the "rescheduled" release date on [email protected]. There *should* be responsible persons of all major distros. But, this doesn't imply, that they act immediatly, as for some of them Exim isn't in the set of official packages. Some of the distros even responded personally in a very timely manner (while such response wasn't requested in the first place, later it was, but with the same result). I'll not give more details, as I think, it's not worth having arguments about good and bad distros. At least not here on this list :) Using the banner's version as an indicator for vulnerability is a silly approach. As already stated here, distros backport important patches and do not touch the visible version number. You are free to configure the banner to hide the real version, the same is true for the received header. And, starting with the next release you can even configure the version number, that is used in several places (received-header, banner) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
