thanks Heiko, yes, good point re unstable.

In this case, the fix /was/ available in unstable, but a few other issues with updating had led to a delay, on that system, which proved unfortunate.

thanks,
calum.

On 19/06/2019 12:47 pm, Heiko Schlittermann via Exim-users wrote:
> Calum Mackay via Exim-users <exim-users@exim.org> (Di 11 Jun 2019 01:39:22 CEST):
>> My mail system has just been hacked; it's running Debian unstable exim
>> 4.91-9
>
> I just checked https://packages.debian.org/unstable/mail/, and they list
> 4.92-8 there. So your 4.91 seems to be outdated a bit.
>
> But generally speaking, I wouldn't rely on the same speed in fixing
> critical issues for unstable releases as I'd expect for stable
> releases. So, running an unstable release you're somewhat on your own.
>
>> Could it be CVE-2019-10149? I don't see any reports of active exploits yet.
>
> Yes, it could be.
>
>> ought I to be reporting this anywhere?
>
> Not sure. The issue is well known meanwhile. And some distros already
> supplied fixed packages or stated that they run very outdated (<4.87)
> Exim versions and are not vulnerable for this reason.
>
>      Best regards from Dresden/Germany
>      Viele Grüße aus Dresden
>      Heiko Schlittermann
> --
>   SCHLITTERMANN.de ---------------------------- internet & unix support -
>   Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>   gnupg encrypted messages are welcome --------------- key ID: F69376CE -
>   ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
