Am 18. Januar 2019 14:49:15 MEZ schrieb Tobias Ulmer <tobi...@tmux.org>: >On Fri, Jan 18, 2019 at 07:50:52AM +0100, Niels Dettenbach (Syndicat IT >& Internet) wrote: >> The security footprint is very good. > >https://www.cvedetails.com/vulnerability-list/vendor_id-10919/product_id-19563/Exim-Exim.html
I know the Exim CVEs - we (as many even larger mail service providers worldwide) run EXIM since many years (nearly 20 years now) and had only one real urgent sec flaw to "close" some monthes ago, requiring urgent updates. I remember the "postfix tricks" in the last decade too... The very most of "more dangerous" sounding Exim CVEs describe flaws which require typically special setups and/or all possible features compiled in and/or foreign libraries onto (what a lot of end users with binary distributions typically use, because their distributors compile anything in by default (by docs, this is not the recommened way to install and use Exim) - but no professional mail ISP nor pkgsrc users (as here) does this afaik. So, things are very relative between numbers and the real world...ß) Cheers, niels. -- Niels Dettenbach Syndicat IT & Internet https://www.syndicat.com
