CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2023/10/02 15:17:01
Modified files:
mail/exim : Makefile distinfo
mail/exim/patches: patch-Local_Makefile
Log message:
update to Exim 4.96.1 (CVE-2023-42114, CVE-2023-42115, CVE-2023-42116)
disable SPA authentication (NTLM against a Windows server using old
samba code) which is not enabled by default upstream and is the subject
of several of those serious vulnerabilities
disable internal SPF support (which uses libspf2, which is pretty
unmaintained upstream, and has various problems including an int
underflow in macro processing, CVE-2023-42118).
still unfixed vulns: CVE-2023-42117, CVE-2023-42219
discussed with Renaud Allard (maintainer).
