Mailing List Archive

Re: [exim] CVE-2017-16943, CVE-2017-16944
Randy Bush <randy@psg.com> (Tue 28 Nov 2017 23:34:55 CET):
> > Distros are advised to include these commits.
>
> deb/ubu distros are so far behind that they do not have the vuln

That isn't true. The current stable Debian (9.x) ships with
Exim 4.89. And from (including) 4.88 onwards Exim is vulnerable.

Though, the Debian Distro changed the built-in default of the chunking
extension to 'disabled'. One needs to switch it on explicitly in the
runtime config to be vulnerable.

Please correct me if I'm wrong.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -