Package: exim4-base
Version: 4.74-2
Severity: grave

The file /var/spool/exim4/gnutls-params can be found in exim4-base. This file is of security relevance for TLS sessions of exim. So this file must not be shared between different installations and must not be readable by anyone other than exim itself. If the file does not exist it will be created by exim4 (it can be precreated by postinst but this is not needed; see [0]).

I am sending this report from a sid system, but it is also, and more importantly, relevant for the stable version 4.72-6! I do not know when this file went into the package, but as the file date is 2008-07-19 that must be long ago and must even be an issue for the old-stable!

To say it again, this is a heavy security issue of exim4!

Regards
   Klaus Ethgen
--
Klaus Ethgen http://www.ethgen.ch/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <kl...@ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
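A host-side check for the two conditions the report names (the file must not come from a package, and only exim may read it), added here as an example and not part of the bug report. It assumes GNU stat and dpkg; the owner name Debian-exim in the usage comment is an assumption about the account Exim runs as on Debian.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes GNU stat and, for the
# packaging check, dpkg. The expected owner is supplied by the caller.

# is_packaged FILE -> 0 if an installed package ships FILE (every install
# then received the same copy), 1 if not, 2 if dpkg is unavailable.
is_packaged() {
    command -v dpkg >/dev/null 2>&1 || return 2
    dpkg -S "$1" >/dev/null 2>&1
}

# perms_ok FILE OWNER -> 0 only if FILE is a regular file owned by OWNER
# with no group/other permission bits set.
perms_ok() {
    [ -f "$1" ] || return 1
    owner=$(stat -c '%U' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]   # mode is octal; 077 = group+other bits
}

# audit_tls_params FILE OWNER -> prints findings, returns number of problems.
audit_tls_params() {
    problems=0
    rc=0; is_packaged "$1" || rc=$?
    case $rc in
        0) echo "FAIL: $1 is shipped by a package: $(dpkg -S "$1")"
           problems=$((problems + 1)) ;;
        1) echo "ok:   $1 is not shipped by any package" ;;
        *) echo "skip: dpkg not available, packaging check not run" ;;
    esac
    if [ ! -e "$1" ]; then
        echo "ok:   $1 absent; per the report exim creates it when needed"
    elif perms_ok "$1" "$2"; then
        echo "ok:   $1 is owned by $2 and closed to group/other"
    else
        echo "FAIL: $1 is '$(stat -c '%U %a' "$1")', want $2 with no group/other bits"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Runs only when both arguments are given, e.g. (owner name is an assumption):
#   sh audit.sh /var/spool/exim4/gnutls-params Debian-exim
[ $# -lt 2 ] || audit_tls_params "$1" "$2"
```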