It seems this has stalled. Most distros have already released a patched
version of libspf2. While I agree it's unclear whether the currently
available patch fixes this CVE, it does however fix an underflow that
would be relevant to release as a security fix, I think. Libspf2 has
tried to reach
e already
done so, and Debian is lagging behind. This is even more serious
considering exim is the default MTA on Debian, while many other distros
opt for postfix.

Kind regards,
Bert Van de Poel

On 18/10/2023 11:56, Salvatore Bonaccorso wrote:
Hi,
On Fri, Oct 13, 2023 at 12:05:19PM +0200, B
Package: libspf2-2
Version: 1.2.10-7.1~deb11u1
Severity: critical
Tags: security patch
Justification: root security hole
X-Debbugs-Cc: Debian Security Team
As already outlined on
https://security-tracker.debian.org/tracker/CVE-2023-42118 there's a known
security issue in libspf2 found through