Exim MTA development

headers Dr Andrew C Aitchison | 7 Nov 2007 09:41

[ Sorry for spamming exim-dev but I believe that the
   PCRE maintainer lurks there and not on exim-users  

RedHat have released an update to pcre 6.6
http://www.linuxcompatible.org/RHSA-20070967-01_Critical_pcre_security_update_p99769.html
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcre-6.6-2.el5_0.1.src.rpm
The redhat bugzilla for one of thesre flaws
   https://bugzilla.redhat.com/show_bug.cgi?id=315871
suggests that
    another case of a lone \E inside a character class remained,
    this has been fixed in 7.3

exim-4.68 includes pcre 7.2, which is presumably vunerable.

I suspect that within exim pcre does not parse user-supplied
expressions, so this is not a major vunerability, but is anyone
in a position to confirm this, or do we need to release an updated
version of exim ?

-- 
Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
A.C.Aitchison <at> dpmms.cam.ac.uk	http://www.dpmms.cam.ac.uk/~werdna

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Mon	Tue	Wed	Thu	Fri	Sat	Sun

			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

20	May 2013
36	April 2013
56	March 2013
30	February 2013
27	January 2013
57	December 2012
52	November 2012
61	October 2012
69	September 2012
32	August 2012
63	July 2012
112	June 2012
241	May 2012
71	April 2012
38	March 2012
17	February 2012
35	January 2012
7	December 2011
39	November 2011
44	October 2011
59	September 2011
44	August 2011
7	July 2011
15	June 2011
62	May 2011
14	April 2011
44	March 2011
137	February 2011
150	January 2011
194	December 2010
14	November 2010
14	October 2010
56	September 2010
15	August 2010
52	July 2010
110	June 2010
59	May 2010
10	April 2010
17	March 2010
18	February 2010
65	January 2010
69	December 2009
163	November 2009
176	October 2009
21	September 2009
26	August 2009
30	July 2009
60	June 2009
15	May 2009
25	April 2009
25	March 2009
42	February 2009
29	January 2009
43	December 2008
29	November 2008
32	October 2008
61	September 2008
75	August 2008
47	July 2008
45	June 2008
80	May 2008
31	April 2008
33	March 2008
64	February 2008
116	January 2008
14	December 2007
26	November 2007
43	October 2007
25	September 2007
69	August 2007
63	July 2007
85	June 2007
31	May 2007
47	April 2007
67	March 2007
142	February 2007
119	January 2007
80	December 2006
72	November 2006
169	October 2006
129	September 2006
89	August 2006
66	July 2006
64	June 2006
26	May 2006
22	April 2006
43	March 2006
43	February 2006
42	January 2006
53	December 2005
60	November 2005
40	October 2005
136	September 2005
29	August 2005
77	July 2005
157	June 2005
42	May 2005
50	April 2005
127	March 2005
34	February 2005
8	January 2005
9	December 2004
37	November 2004
8	October 2004
9	August 2004
15	July 2004
23	June 2004
23	April 2004
44	March 2004

PCRE vunerability and Exim ?

Re: PCRE vunerability and Exim ?

[Bug 627] New: /var/run/exim4 directory not create so pid file not created

Re: [Bug 627] New: /var/run/exim4 directory not create so pid file not created

[Bug 627] /var/run/exim4 directory not create so pid file not created

Re: PCRE vunerability and Exim ?

[Bug 628] New: PCRE package is outdated and has known security issues

[Bug 628] PCRE package is outdated and has known security issues

Re: PCRE vunerability and Exim ?

Re: PCRE vunerability and Exim ?