• @dack
    1 year ago

    While ZDI reported the vulnerability to the Exim team in June 2022 and resent info on the flaw at the vendor’s request in May 2023, the developers failed to provide an update on their patch progress.

    Yikes. Sitting on a critical RCE in internet-exposed server software for a year. That’s a great way to destroy trust in a project.

    • @[email protected]
      1 year ago

      One of the first things I tended to do after building a new Debian etc. system was uninstall Exim. Vulnerabilities aside, it is kinda crap to maintain versus e.g. Postfix.