Package: exim4 Version: 4.50-5 Severity: grave Tags: security sid patch Justification: remote exploitable DOS
The patch for 296492, which is currently in sid's 4.50-5, introduced an infinite loop which could be triggered by a remote site with (intentionally?) misconfigured DNS. It is discussed in: http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00062.html The patch to fix this is in: http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00152.html I'm not certain, but I think that this patch _replaces_ the patch applied to fix 296492, rather than patching it. I hope I've set the tags and severity for this bug correctly to indicate that it's an RC bug that should keep 4.50-5 out of sarge, but does not apply to 4.50-4 which is currently in sarge. - Marc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]