-
Notifications
You must be signed in to change notification settings - Fork 199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please provide updated images due to exim4 security updates #81
Comments
Please priorise this. Its critical! See https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server |
Yes, please give prio to this issue / update! |
Unfortunate there is (still) no updated package available for Debian Buster Buster (stable) is still at 4.92-8+deb10u6 |
Debian security updates are generally available as soon as the security announcement is made. 4.92-8+deb10u6 is the patched version. See https://www.debian.org/security/2021/dsa-4912 |
@oba11, are you able to rebuild the images and push to docker hub? |
alright, i pushed an alternate image again: https://hub.docker.com/repository/docker/itsissa/namshi-smtp |
Thank you very much Issa. May i ask for the reason you dont use a latest-tag for your images? |
yeah, i am not really all that familiar w docker is why. :) happy to repush if you sample me a command. |
ok, so you used 4.92-8.deb10u6 for your tag. I guess 4.92 is die exim version and the second part is the underlying debian version. Another more granular concept of tagging is to tag major version. Lets say you want your users to be able to stay on exim 4.x you can tag like |
okay i think it's done! sorry it took a second |
FYI, because this project seems defunct/unmaintained, I searched and found a maintained fork of this project: https://github.com/ix-ai/smtp I have switched from namshi/smtp to ixdotai/smtp. Functionally it works the same and is configured the same, but it has a newer version of Exim so it is not 100% identical (read: test and make sure it works in your environment). In the interests of not needing to switch again, I volunteered to be a co-maintainer of ixdotai/smtp. |
@issa-tseng maybe it makes sense to pool forces and contribute to https://github.com/ix-ai/smtp. |
There were a bunch of exim4 security updates announced today, including several remote code executions.
The fixes are in buster, so it should be a matter of rebuilding images to pull the latest packages from there.
Can you please do this and push to docker hub?
The text was updated successfully, but these errors were encountered: