[hs at schlittermann.de: Re: [Exim-maintainers] CVE-2016-1531]
Heiko Schlittermann
hs at schlittermann.de
Sat Mar 12 22:32:14 UTC 2016
Hello,
Heiko Schlittermann <hs at schlittermann.de> (Sa 12 Mär 2016 21:05:35 CET):
> Andreas Metzler <ametzler at bebt.de> (Sa 12 Mär 2016 16:04:56 CET):
> …
> > * wheezy (4.80) required some handholding to get the 4.84->4.84.2 patch
> > to apply and compile. Heiko, could you perhaps take a quick look?[1]
>
> Ok, I'll have a look. And return if I've done.
* initial working directory

Some of our users complained that because of chdir(/) during the early
startup, the cwd= in debug messages is misleading under some circumstances.
Upstream master contains a fix for that. I'm not sure if this is
relevant to your users. I do not consider it important enough to do a
security release again.

But you may want to backport that change. It's in

    commit 3615fa9a06356891367c66ed284cef9db5cefca3
    commit fae3a611be53dbf58cbb7c2c4846081ecb87606e

* avoid excessive warnings about the missing keep_environment

To avoid warnings from exec()ed Exim processes about the missing
keep_environment, I suggest to backport

    commit 8e58ed807c77febfde61d3cf47928302f93cc99c

It should be fairly easy.

For your reference I've created a branch exim-4_80_1+CVE-2016-1531,
this should contain the backported CVE-2016-1531 patch plus the above
mentioned small additions.
(same for exim-4_82_1+CVE-2016-1531)

If I compare your patches and my patches it looks plausible :)

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -