Hi,
> which is less than the fixed 4.94.2 version. And indeed I see the
> same presumably vulnerable version listed for buster here:
>
>
> https://packages.debian.org/search?keywords=exim4&searchon=names&exact=1&suite=all§ion=all
>
> That list suggests that only sid (unstable), bullseye (testing), and
> buster-backports have a fix.
The red "security" tag means that there's a version of that package in the
security repo (deb
http://apt-cacher.lon.bitfolk.com/debian/security.debian.org/
buster/updates main contrib) rather than the main distribution.
It's red to draw your attention to this fact rather than because there's
necessarily an outstanding security vulnerability.
If you've got the security line (in parens above) in your apt sources.list
file then you should get the patches when you upgrade.
The stuff in the security repo is rolled up, along with other fixes, in
main distribution point releases ( deb
http://apt-cacher.lon.bitfolk.com/debian/ftp.uk.debian.org/debian/ buster
main contrib ) which happen from time-to-time.
It's true that it's tricky to know exactly which things are patched in
particular revisions without further work tho'.
Best wishes,
@ndy
--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF
