oss-sec mailing list archives
Re: CVE Request: exim STARTTLS fix
From: Marcus Meissner <meissner () suse de>
Date: Tue, 24 May 2011 13:34:45 +0200
On Tue, May 24, 2011 at 07:24:03AM -0400, Josh Bressers wrote:
----- Original Message -----Hi, while reviewing EXIM git for the last security issues, I also found the STARTTLS fix: http://git.exim.org/exim.git/commitdiff/da80c2a8ed49427334af613c00df65ae301cacdd Is fixed with exim 4.76 apparently.That commit suggests it's not an issue, but rather some extra paranoid buffer wiping. Is there a reason to believe this is a problem? I'd rather not assign an ID if it's not needed.
Rereading the comment added ... It seems not to be an active security issue. Sorry for being alarming, no CVE required. ;) Ciao, Marcus
Current thread:
- CVE Request: exim STARTTLS fix Marcus Meissner (May 20)
- Re: CVE Request: exim STARTTLS fix Josh Bressers (May 24)
- Re: CVE Request: exim STARTTLS fix Marcus Meissner (May 24)
- Re: CVE Request: exim STARTTLS fix Michael Tokarev (May 24)
- Re: CVE Request: exim STARTTLS fix Josh Bressers (May 24)