Bug#987133: marked as done (exim4: Exim 4.94's new tainting-feature will break many running configs)

Sat, 15 May 2021 22:54:15 -0700 

Your message dated Sun, 16 May 2021 07:50:40 +0200
with message-id <[email protected]>
and subject line Re: Bug#987133: links to more info
has caused the Debian Bug report #987133,
regarding exim4: Exim 4.94's new tainting-feature will break many running 
configs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
987133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987133
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: exim4
Version: 4.94-17
Severity: serious
Justification: The tainting-feature that has been introduced with 4.94 by upstream will break many running configurations. 

Dear Maintainers,
the tainting-feature that has been introduced with 4.94 by upstream will break many running configurations.
The feature requires "un-tainting" of all external information used in Exim's config for security reasons. Upstream unfortunately introduces this in a minor release and not in an Exim major release so that most of the users will get aware of it in the moment their mailserver stops working.
@the guys already working on the issue: Please add more information and get in touch with the Release Manager(s). 

Thanks,

Paul

--- End Message ---
--- Begin Message --- 
Version: 4.94.2-4

On 2021-04-18 Paul Muster <[email protected]> wrote:

> On Exim-users:

> https://lists.exim.org/lurker/message/20201109.222746.24ea3904.de.html

> https://lists.exim.org/lurker/message/20210406.161056.f80935f1.en.html

> On Debian-User-German:

> <https://lists.debian.org/msgid-search/[email protected]>

Hello Paul,

I am now marking this as closed with 4.94.2-4 which includes a patch to
add the allow_insecure_tainted_data option and fixes the syslog logging
issues (#988086, #988304) originally introduced by this patch.  

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--- End Message ---

Reply via email to