Bug#1053310: Fixes for stable/oldstable?
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 31 10:43:52 GMT 2023
Hi Tomas,
On Tue, Oct 31, 2023 at 11:07:06AM +0100, Tomas Pospisek wrote:
> Hello Exim maintainers,
>
> this ticket, asking for packages with fixes for CVE-2023-42117 and other
> security relavant issues is closed.
>
> However only a package for unstable has been released:
>
> https://security-tracker.debian.org/tracker/CVE-2023-42117
>
> all other Debian releases (stable, oldstable) still seem to be carrying the
> vulnerable Exim4 version.
>
> What is the status of releasing fixed Exims for Debian stable, oldstable? Is
> anybody working on it? Is help needed?
Fixes for CVE-2023-42117 and CVE-2023-42119 are right now considered
no-dsa (see comment on the security-tracker about it), and are going
to be fixed in the next point releases.
Does this help?
Regards,
Salvatore
More information about the Pkg-exim4-maintainers
mailing list