On Sat, Feb 21, 2009 at 12:28 PM, Zack Weinberg
<address@hidden> wrote:
The constraint was set at 7.6 because of security fixes, but probably
those have been backported by anyone hanging on to 7.4, so perhaps we
should just relax the requirement.
I wonder if we could add configure checks to see if the pcre we have has these vulnerabilities or not? Glancing at
http://www.exim.org/lurker/message/20080709.200029.1ab092d9.en.html regarding CVE-2008-2371 it looks like we might be able to run the associated pcretest. I haven't found anything particularly helpful regarding testing for the CVS-2008-0674 problem though.
Cheers,
Derek