Jeremie Courreges-Anglas <[email protected]> wrote: > On Wed, Sep 08 2021, Renaud Allard <[email protected]> wrote: > > [...] > > > I discussed with exim guys and it seems they are quiet reluctant at > > modifying "correct C code". > > Even sprintf uses can be correct, it doesn't mean that people should use it.
the exim people talking about "correct C code", in the context of security risk from %n landing in format strings. So we patch it locally, and wait for them to learn a lesson on systems which continue supporting %n
