On 02/16/2013 06:31 AM, Скопенко Андрей wrote:
when exim and clamav will be updated to current version?
Then, on 02/18/2013 02:47 PM, Jurgen wrote:
Hi Axel and others,
In December 2012 exim released a security update for exim, version 4.80.1 This was addressed as a 'critical' update.
Could you update exim in atrpms? I tried to create an update RPM package for exim using the source RPM, but failed to do so. I think I have too little experience with it.
If I can help in any way, let me know.
Thanks in advance,
Jurgen.
Hello Jurgen and Скопенко Андрей,
I wrote two emails to this list and one email directly to Axel back in November about this critical security update for exim which addresses a remote code execution flaw. However, I did not receive any replies from any of my three emails. I don't know what is going on, however, this is a very important update to exim and should be addressed ASAP. Here is a copy of my last email to this list which was sent on November 5, 2012:
It was recently discovered that certain Exim versions were not properly handling the decoding of DNS records for DKIM. Specifically crafted records can yield a heap-based buffer overflow where an attacker can exploit this flaw to execute arbitrary code. All of the Exim RPMs that ATrpms.net currently has posted include this security flaw.
Are there any plans to update Exim anytime soon to address this security flaw? Specifically, are there any plans to post Exim 4.80.1 RPMs any time soon?
Many thanks in advance for your reply!
Gordon
So, I don't know what is going on but the silence in reply is deafening. I even sent an email directly to Axel requesting that he share his Local/Makefile along with any other tips so that I could attempt to generate the RPM myself, however, he didn't reply to that email either. In any event, based on my numerous queries without replys, I am not optimistic about resolving this situation any time soon. Hopefully, I am wrong and Axel or somebody else will reply with at least a grunt or some kind of response....
Gordon