On 26/06/2022 08:19, Andrew C Aitchison via Exim-users wrote:
[ I should document CVE-2021-38371: before exim 4.95 exim probably was exposed to a man-in-the middle attack on STARTTLS when *sending* email, though it it is not clear how it could have been exploited.
Indeed, nobody that I am aware of has *ever* demonstrated a way of exploiting SMTP response injection. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
