On Mon, Oct 02, 2023 at 04:40:51PM +0200, Frank Heydlauf via mailop wrote:
> Hi Christof, folx,
>
> On Sun, Oct 01, 2023 at 07:51:04PM +0200, Christof Meerwald via mailop wrote:
> > On Sat, Sep 30, 2023 at 10:45:41PM +0200, Christof Meerwald wrote:
> > > On Sat, Sep 30, 2023 at 08:36:02AM +0100,
Hi Christof, folx,
On Sun, Oct 01, 2023 at 07:51:04PM +0200, Christof Meerwald via mailop wrote:
> On Sat, Sep 30, 2023 at 10:45:41PM +0200, Christof Meerwald wrote:
> > On Sat, Sep 30, 2023 at 08:36:02AM +0100, Andrew C Aitchison via mailop
> > wrote:
...
> > having any inside knowledge) is
On Sat, Sep 30, 2023 at 10:45:41PM +0200, Christof Meerwald wrote:
> On Sat, Sep 30, 2023 at 08:36:02AM +0100, Andrew C Aitchison via mailop wrote:
> > On Sat, 30 Sep 2023, Jay R. Ashworth via mailop wrote:
> > > I haven't even heard exim *mentioned* in like 20 years; these stats can't
> > > be
>
On Sat, Sep 30, 2023 at 08:36:02AM +0100, Andrew C Aitchison via mailop wrote:
> On Sat, 30 Sep 2023, Jay R. Ashworth via mailop wrote:
> > I haven't even heard exim *mentioned* in like 20 years; these stats can't be
> > right, can they?
> >
> >
John Levine via mailop (Sa 30 Sep 2023 21:14:31 CEST):
> There seems to be significant disagreement about how serious these
> bugs are and whether they'r really in Exim. The fact that the zeroday
> people didn't notice that libspf2 is a separate package makes it
> easy to believe that they're not
It appears that Simon Arlott via mailop said:
>On 30/09/2023 08:50, Andrew C Aitchison via mailop wrote:
>> I see that there is an Exim release candidate out on test at the moment
>>https://lists.exim.org/lurker/message/20230926.174111.cb403675.en.html
>> but know nothing about whether it
We use exim extensively. It is a software piece we learned to tune and
love :)
It has a relatively good security history and allows a lot of
customization.
Best regards
On 30/9/23 6:58, Jay R. Ashworth via mailop wrote:
I haven't even heard exim *mentioned* in like 20 years; these stats
On 2023-09-30 at 03:36:02 UTC-0400 (Sat, 30 Sep 2023 08:36:02 +0100
(BST))
Andrew C Aitchison via mailop
is rumored to have said:
On Sat, 30 Sep 2023, Jay R. Ashworth via mailop wrote:
I haven't even heard exim *mentioned* in like 20 years; these stats
can't be
right, can they?
On 30.09.2023 10:35, Carsten Schiefner via mailop wrote:
[...]
But would you happen to have any more details wrt. the withholding and
the 50%?
[Link to https://seclists.org/oss-sec/2023/q3/254]
Thanks, Simon & Andrew!
___
mailop mailing list
Ahoj,
Dňa Sat, 30 Sep 2023 10:19:01 +0100 Simon Arlott via mailop
napísal:
> "< jgh> one's in the resolver library. I find it questionable that
> it's being raised against Exim, as if we have to protect ourselves
> against a library. But AFAIK it's still open.
>
> < jgh> whatever the system
On Sat, 30 Sep 2023, Carsten Schiefner via mailop wrote:
Hi Simon,
On 30.09.2023 10:18, Simon Arlott via mailop wrote:
On 30/09/2023 08:50, Andrew C Aitchison via mailop wrote:
I see that there is an Exim release candidate out on test at the moment
On 30/09/2023 09:35, Carsten Schiefner via mailop wrote:
> But would you happen to have any more details wrt. the withholding and
> the 50%?
https://seclists.org/oss-sec/2023/q3/254
"< jgh> one's in the resolver library. I find it questionable that it's
being raised against Exim, as if we
Hi Simon,
On 30.09.2023 10:18, Simon Arlott via mailop wrote:
On 30/09/2023 08:50, Andrew C Aitchison via mailop wrote:
I see that there is an Exim release candidate out on test at the moment
https://lists.exim.org/lurker/message/20230926.174111.cb403675.en.html
but know nothing about
On Sat, 30 Sep 2023, Jay R. Ashworth via mailop wrote:
I haven't even heard exim *mentioned* in like 20 years; these stats can't be
right, can they?
https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/
On 30/09/2023 08:50, Andrew C Aitchison via mailop wrote:
> I see that there is an Exim release candidate out on test at the moment
>https://lists.exim.org/lurker/message/20230926.174111.cb403675.en.html
> but know nothing about whether it fixes any of these vulnerabilities.
It doesn't fix
On Sat, 30 Sep 2023, Andrew C Aitchison wrote:
On Sat, 30 Sep 2023, Jay R. Ashworth via mailop wrote:
I haven't even heard exim *mentioned* in like 20 years; these stats can't
be right, can they?
they are correct
consider the millions of systems using cPanel, which uses Exim by default.
cPanel is the primary virtual hosting software across the world.
what worries me more, is that there is no patch...
On Sat, 30 Sep 2023 04:58:56 + (UTC) "Jay R. Ashworth via mailop"
wrote:
> I
I haven't even heard exim *mentioned* in like 20 years; these stats can't be
right, can they?
https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/
Hat tip: Lauren @ Privacy
Cheers,
-- jra
--
Jay R. Ashworth Baylink
18 matches
Mail list logo