dkim USE-flag is by default enabled on Gentoo, so I'd like to have this stabilised ASAP, with security team blessings. Please advise.
4.80.1 is the fixed version?
yup, committed this morning
Arches, please test and mark stable:
Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
Stable on alpha.
stable ppc ppc64
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c
in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect
and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify,"
allows remote attackers to execute arbitrary code via an email from a
malicious DNS server.
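As an added defender-side check, not code from this bug or from the Exim project, the following Python reads constructed `exim -bV` output and a constructed ACL fragment to decide whether a host sits in the affected range described above (4.70 up to but not including the 4.80.1 fix, with DKIM built in) and whether the `dkim_disable_verify` control is present. The sample data, the helper names and the coarse ACL match are assumptions.

```python
import re

# Constructed sample of `exim -bV` output (not captured from a real host).
SAMPLE_BV = """Exim version 4.80 #1 built 01-Jan-2013 00:00:00
Support for: crypteq iconv() IPv6 OpenSSL DKIM
Lookups (built-in): lsearch dnsdb
"""

# Constructed exim.conf fragments: one without and one with the mitigation.
CONF_UNMITIGATED = """
acl_smtp_rcpt = acl_check_rcpt
begin acl
acl_check_rcpt:
  accept
"""

CONF_MITIGATED = """
acl_smtp_connect = acl_check_connect
begin acl
acl_check_connect:
  warn control = dkim_disable_verify
  accept
"""


def parse_version(bv_output):
    """Return (major, minor, patch) from the 'Exim version X.Y[.Z]' line."""
    m = re.search(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?", bv_output)
    if not m:
        raise ValueError("no Exim version line found")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def dkim_built_in(bv_output):
    """True when DKIM appears in the 'Support for:' line of `exim -bV`."""
    m = re.search(r"^Support for:(.*)$", bv_output, re.M)
    return bool(m) and "DKIM" in m.group(1).split()


def version_vulnerable(version):
    """Affected range: 4.70 <= version < 4.80.1 (4.80.1 carries the fix)."""
    return (4, 70, 0) <= version < (4, 80, 1)


def mitigated(conf):
    """Coarse check: an ACL sets control = dkim_disable_verify somewhere.
    This does not verify which ACL (connect or rcpt) applies the control."""
    return re.search(r"control\s*=\s*dkim_disable_verify", conf) is not None


def assess(bv_output, conf):
    """Classify a host from its `exim -bV` output and its ACL configuration."""
    version = parse_version(bv_output)
    if not (version_vulnerable(version) and dkim_built_in(bv_output)):
        return "not affected"
    return "mitigated by ACL" if mitigated(conf) else "AFFECTED: update to 4.80.1"
```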
Added to existing GLSA draft.
@security: please close this bug, all offending versions are gone
This issue was resolved and addressed in
GLSA 201401-32 at http://security.gentoo.org/glsa/glsa-201401-32.xml
by GLSA coordinator Mikle Kolyada (Zlogene).