Date: Thu, 6 May 2004 12:28:36 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Oliver Eikemeier <eikemeier@fillmore-labs.com> Cc: ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <20040506172836.GA1372@madman.celabo.org> In-Reply-To: <409A70B6.20000@fillmore-labs.com> References: <200405061543.i46FhrL2015423@repoman.freebsd.org> <20040506160133.GB790@madman.celabo.org> <409A658A.30206@fillmore-labs.com> <20040506162842.GA1129@madman.celabo.org> <409A70B6.20000@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 06, 2004 at 07:07:02PM +0200, Oliver Eikemeier wrote: > Neither do I know George. The advisory I refer to is > <http://www.guninski.com/exim1.html>; Typo on my part. I meant Georgi, as in Georgi Guninski. > I verified that what is called `bug2' affects FreeBSD when > `verify = header_syntax' is used (which is not done in the default > configuration file), `bug1' is mentioned as effecting exim 3.35, which > is a stupid Debianism. Exim 3.36 is available since April 2002 > <http://www.exim.org/pipermail/exim-announce/2002q2/000057.html>; > in FreeBSD as mail/exim-old, is FORBIDDEN since September 2003 and > has been removed from the ports tree March 2004. `verify = header_syntax' > used to be `headers_check_syntax' in Exim 3.x, so obviously Georgi > Guninski and the George writing the CVE list entries are Debian users. Cool, thanks for confirming! Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040506172836.GA1372>