The dkim USE flag is enabled by default on Gentoo, so I'd like to have this stabilised ASAP, with security team blessings. Please advise.
4.80.1 is the fixed version?
yup, committed this morning
Arches, please test and mark stable: =mail-mta/exim-4.80.1 Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
amd64 stable
Stable for HPPA.
Stable on alpha.
stable ppc ppc64
x86 done.
CVE-2012-5671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5671): Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
ia64/sparc stable
Thanks, everyone. Added to existing GLSA draft.
@security: please close this bug, all offending versions are gone
This issue was resolved and addressed in GLSA 201401-32 at http://security.gentoo.org/glsa/glsa-201401-32.xml by GLSA coordinator Mikle Kolyada (Zlogene).