-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 May 2026 11:33:47 +0200
Source: exim4
Binary: exim4 exim4-config
Architecture: all
Version: 4.96-15+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description:
 exim4      - metapackage to ease Exim MTA (v4) installation
 exim4-config - configuration for the Exim MTA (v4)
Closes: 1134984
Changes:
 exim4 (4.96-15+deb12u8) bookworm; urgency=medium
 .
   * Fix GnuTLS hostname verify of a server certificate with a zero-length
     Subject. Patch from upstream GIT master (Closes: #1134984)
   * Pull CVE-fixes from 4.99.2
     +CVE-2026-40684  Possible crash with malicious DNS data when using musl
      libc On systems using musl libc (not glibc) due to an oddity in octal
      printing it is possible to crash the connection instance when malformed
      DNS data is present in PTR records.
     +CVE-2026-40685  Possible OOB read/write on corrupt JSON in header
      configurations using json operators on invalid externally-provided input
      could trigger heap corruption.
     +CVE-2026-40686  Possible OOB read with large UTF8 trailing characters
      configurations using utf8 operators on malformed utf8 in headers could
      trigger OOB reads and might trigger some data leak if error messages are
      required for subsequent emails in the current connection and similar
      malformed headers are present.
     +CVE-2026-40687  Possible OOB read/write with SPA authenticator in
      configurations using the SPA authentication driver to a
      hostile/compromised external SPA/NTLM connection it is possible to
      trigger an OOB read/write and crash the connection instance or possibly
      leak heap data to the instance.
     +As a pre-dependency to the patchset also add the fix for upstream Bug
      3106 from 4.99.
Checksums-Sha1:
 9d6f98eae352d6e587052dd75223d9f03074804f 256428 exim4-config_4.96-15+deb12u8_all.deb
 aeb25cc9ff3f3d996fa49150eea8ffcc42b22b8d 9083 exim4_4.96-15+deb12u8_all-buildd.buildinfo
 6322db279e749e7b1e132f5b8d63baef9b8bc3af 7196 exim4_4.96-15+deb12u8_all.deb
Checksums-Sha256:
 7a29d1111c5e7b77aa40354612e3b7774bffc2e7f021140cc82cfb818ed76ea0 256428 exim4-config_4.96-15+deb12u8_all.deb
 2307cf85ca428e54e7b7b7a5cc719212199fc5e2fd18d11daa418b564b06fcb9 9083 exim4_4.96-15+deb12u8_all-buildd.buildinfo
 0694cf36df21006ffcb5a546bcc71ff85156d71f27b9aa63963b7449c7b3f2aa 7196 exim4_4.96-15+deb12u8_all.deb
Files:
 cc8a18eff63306edb97255532911335e 256428 mail optional exim4-config_4.96-15+deb12u8_all.deb
 25871584ebb9cecc1f0c738758718220 9083 mail standard exim4_4.96-15+deb12u8_all-buildd.buildinfo
 35cbe3eb38209325e1545d9452b8d95c 7196 mail optional exim4_4.96-15+deb12u8_all.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
