• dack@lemmy.world
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    While ZDI reported the vulnerability to the Exim team in June 2022 and resent info on the flaw at the vendor’s request in May 2023, the developers failed to provide an update on their patch progress.

    Yikes. Sitting on a critical RCE in internet exposed server software for a year. That’s a great way to destroy trust in a project.

    • phx
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      One of the first things I tended to do after building a new Debian etc system was uninstall Exim. Vulnerabilities aside is kinda crap to maintain versus e.g Postfix