Package: exim4
Version: 4.50-5
Severity: grave
Tags: security sid patch
Justification: remote exploitable DOS
The patch for 296492, which is currently in sid's 4.50-5, introduced an
infinite loop which could be triggered by a remote site with
(intentionally?) misconfigured DNS.
It is discussed in:
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00062.html
The patch to fix this is in:
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050404/msg00152.html
I'm not certain, but I think that this patch _replaces_ the patch
applied to fix 296492, rather than patching it.
I hope I've set the tags and severity for this bug correctly to indicate
that it's an RC bug that should keep 4.50-5 out of sarge, but does not
apply to 4.50-4 which is currently in sarge.
- Marc