[hs at schlittermann.de: Re: [Exim-maintainers] CVE-2016-1531]

Heiko Schlittermann hs at schlittermann.de
Sat Mar 12 20:05:35 UTC 2016


Andreas Metzler <ametzler at bebt.de> (Sat 12 Mar 2016 16:04:56 CET):
…
> * wheezy (4.80) required some handholding to get the 4.84->4.84.2 patch
> to apply and compile. Heiko, could you perhaps take a quick look?[1]

Ok, I'll have a look, and get back to you when I'm done.

> Regarding the configuration changes, I have set "keep_environment =" by
> default since exim shows a runtime warning if it is not set. The
…
> Is the configuration change acceptable for a security update?
> Alternatively we could diverge from upstream and patch out the warning
> and perhaps replace it with a NEWS.Debian entry.

For me as a user, yes, it's acceptable, because I do not care about
"internals". And probably users with more complex setups won't use the
Debian configuration scheme anyway.

Maybe you should issue a warning in some prominent place, during the
upgrade.

-- 
Heiko