Calum Mackay via Exim-users <[email protected]> (Di 11 Jun 2019 01:39:22 CEST): > My mail system has just been hacked; it's running Debian unstable exim > 4.91-9
I just checked https://packages.debian.org/unstable/mail/, and they list 4.92-8 there. So your 4.91 seems to be outdated a bit. But generally speaking, I wouldn't not rely on the same speed in fixing critical issues for unstable releases than I'd expect for stable releases. So, running an unstable release you're somewhat on your own. > Could it be CVE-2019-10149? I don't see any reports of active exploits yet. Yes, it could be. > > ought I to be reporting this anywhere? Not sure. The issue is wellknown meanwhile. And some distros already supplied fixed packages or stated that they run very outdated (<4.87) Exim versions and are not vulnerable for this reason. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
