Bugzilla – Bug 1996
CVE-2016-9963 - DKIM info leak
Last modified: 2017-01-08 21:37:51 UTC
Bugfixes are available for packagers, maintainers and contributors. If you need access to these repos, please contact hs@schlittermann.de via GPG signed mail, send your public SSH key, and explain why you need access right now. The fixed releases (4.87.1, 4.88) will be made public during Dec, 25th.
Wait what? A security release on Christmas Day? Even if there's nothing to be done for a particular install, folks will still have to analyze and determine that. For many folks, they'll have to act quickly to build packages. Even if they don't, they still have to figure that out. So a Sunday security release is unfortunate enough; one of the biggest global holidays is a really unfortunate choice and should be avoided unless there's compelling rationale for why it must be that date. Can we defer until Tuesday 27th?
https://exim.org/static/doc/CVE-2016-9963.txt Fix by: 87cb4a166c47
Nobody commented