On 30/09/2023 09:35, Carsten Schiefner via mailop wrote: > But would you happen to have any more details wrt. the withholding and > the 50%?
https://seclists.org/oss-sec/2023/q3/254 "< jgh> one's in the resolver library. I find it questionable that it's being raised against Exim, as if we have to protect ourselves against a library. But AFAIK it's still open. < jgh> whatever the system resolver library accesed via res_search() is" I assume this is https://www.zerodayinitiative.com/advisories/ZDI-23-1473/ "< jgh> one's in SPA. Status unknown; I couldn't trace the alleged notification to us < jgh> (could be just the library, again)" I assume this is https://www.zerodayinitiative.com/advisories/ZDI-23-1471/ There are no comments related to this one, but it incorrectly describes Exim as the vendor for libspf2: https://www.zerodayinitiative.com/advisories/ZDI-23-1472/ -- Simon Arlott _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
