On Sun, Oct 01, 2023 at 05:50:00PM +0200, Andreas Barth via Exim-users wrote:
> I have seen the security side as debian release manager for quite many
> software products. And I doubt much that postfix would do it much
> different.

Coordinated release of security updates is standard industry practice.
The only similar CVE in Postfix is CVE-2011-1720.

    https://www.postfix.org/CVE-2011-1720.html#timeline

Another CVE instead led to coordination with multiple other SMTP
implementations (really anything that involved transition from cleartext
to TLS via a STARTTLS-like mechanism). This did not involve any risk of
system compromise, just injection of pre-TLS content into the TLS stream:

    https://www.postfix.org/CVE-2011-0411.html#timeline

--
Viktor.