-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 May 2026 11:31:20 +0200 Source: exim4 Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: i386 Version: 4.98.2-1+deb13u1 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Andreas Metzler Description: exim4-base - support files for all Exim MTA (v4) packages exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Closes: 1134984 Changes: exim4 (4.98.2-1+deb13u1) trixie; urgency=medium . * Fix GnuTLS hostname verify of a server certificate with a zero-length Subject. Patch from upstream GIT master (Closes: #1134984) * Pull CVE-fixes from 4.99.2 +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc On systems using musl libc (not glibc) due to an oddity in octal printing it is possible to crash the connection instance when malformed DNS data is present in PTR records. +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header configurations using json operators on invalid externally-provided input could trigger heap corruption. +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters configurations using utf8 operators on malformed utf8 in headers could trigger OOB reads and might trigger some data leak if error messages are required for subsequent emails in the current connection and similar malformed headers are present. +CVE-2026-40687 Possible OOB read/write with SPA authenticator in configurations using the SPA authentication driver to a hostile/compromised external SPA/NTLM connection it is possible to trigger an OOB read/write and crash the connection instance or possibly leak heap data to the instance. Checksums-Sha1: a58a6d780acda221030d559ec8bfb27a201a8da6 128944 exim4-base-dbgsym_4.98.2-1+deb13u1_i386.deb 9c7c6d1573d8446dd76c41b760d485b3a620f990 1142836 exim4-base_4.98.2-1+deb13u1_i386.deb 56c6e3dc3d23b56ff2eaf46295d189530f61a120 1523444 exim4-daemon-heavy-dbgsym_4.98.2-1+deb13u1_i386.deb 73baa7e79d89d9ca877fcff4c2ae6826c88a8c70 707940 exim4-daemon-heavy_4.98.2-1+deb13u1_i386.deb 54484261ee77b9afa035db78547c98017b6848e1 1340688 exim4-daemon-light-dbgsym_4.98.2-1+deb13u1_i386.deb 214269c36fe59371adf55529b7784ac64481eda4 646536 exim4-daemon-light_4.98.2-1+deb13u1_i386.deb b3f80e477e30c1d82b026bab971517adcc008fe8 36040 exim4-dev_4.98.2-1+deb13u1_i386.deb 9594991e664b3478d916e56bfb0222ed64355361 11144 exim4_4.98.2-1+deb13u1_i386-buildd.buildinfo a1952df22e6e123d0ac7cc1a6e46ae961ab09b8b 127252 eximon4-dbgsym_4.98.2-1+deb13u1_i386.deb 233f341b5609b6543fb9555421d922fa9090fffe 72724 eximon4_4.98.2-1+deb13u1_i386.deb Checksums-Sha256: 27d01f81155a3517243f05a8ed77ec69a2da9bc84c38f82d82072b2790dc14da 128944 exim4-base-dbgsym_4.98.2-1+deb13u1_i386.deb f15f1d39a4251d46bd11255a9e853798d6cfbcfdc7548470b716b4bdba1a8657 1142836 exim4-base_4.98.2-1+deb13u1_i386.deb 19e7fdeddca38daeddb299afd123ffa33d4538ea81001304b6fc74bff31707f0 1523444 exim4-daemon-heavy-dbgsym_4.98.2-1+deb13u1_i386.deb 5a230ea7ef0604be2677fc362855fe15de85c6c92153ddc14f0305b5d433daea 707940 exim4-daemon-heavy_4.98.2-1+deb13u1_i386.deb 4b853dfe3350d755e22b8e08c79f63e2fef7b85aafbf1fca953526e1c511ca85 1340688 exim4-daemon-light-dbgsym_4.98.2-1+deb13u1_i386.deb ebd55877eb95a45ef25b4c2a55018023793977687e7efc635f77ee40256742af 646536 exim4-daemon-light_4.98.2-1+deb13u1_i386.deb 3d5f953a624b34dabac64d24fe8f3a49fc90fda03a198f6ad5c15215fe1f42aa 36040 exim4-dev_4.98.2-1+deb13u1_i386.deb 21b066151bbfa25a60296180bfd30c414c5ee032f5b1ef633fe5b01492208127 11144 exim4_4.98.2-1+deb13u1_i386-buildd.buildinfo d6b0d5f5163555540e2daf71e5aa80e647badba84b2a678a1c10b9abd57d9ef1 127252 eximon4-dbgsym_4.98.2-1+deb13u1_i386.deb 940cb54196e5078e036e742a89bdf498b09fc149379d481bba7db4ee8b175bfd 72724 eximon4_4.98.2-1+deb13u1_i386.deb Files: 8170fcb7c83cbda9f9b42f7678a691fb 128944 debug optional exim4-base-dbgsym_4.98.2-1+deb13u1_i386.deb ed0fbf1e3e77b4230bba9e422810e6a6 1142836 mail optional exim4-base_4.98.2-1+deb13u1_i386.deb 41365f1e7237339b76e71a634b994284 1523444 debug optional exim4-daemon-heavy-dbgsym_4.98.2-1+deb13u1_i386.deb b0a3cd09b5b19a2137fefad82c98f52e 707940 mail optional exim4-daemon-heavy_4.98.2-1+deb13u1_i386.deb 25761c361bc2fbc1986641e11c7af334 1340688 debug optional exim4-daemon-light-dbgsym_4.98.2-1+deb13u1_i386.deb 367f508bd1884b693649fcbd8e7fb48b 646536 mail optional exim4-daemon-light_4.98.2-1+deb13u1_i386.deb 03b8aec0b34cba7fcb8e72f2015d6339 36040 mail optional exim4-dev_4.98.2-1+deb13u1_i386.deb cf27ead7094110c68194473b4e1f1083 11144 mail standard exim4_4.98.2-1+deb13u1_i386-buildd.buildinfo d094a55b152a392b0ca6b4e1ec3c492b 127252 debug optional eximon4-dbgsym_4.98.2-1+deb13u1_i386.deb 6957bcc57c7c68d7ef920e5e16c86bbb 72724 mail optional eximon4_4.98.2-1+deb13u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmn3h6sACgkQN8Ugyu9d QiTq+Q/+OJgCkrm80O6fuoYs2Mz6A9qAsS/3fOKM8qxmEQaR49BAkTgpwfYxOoem 7GLZKdhav9OKb7AZ5ZAzOH5EEkkWZCo5CeemDVKslTnj/L6cBrvIFrfw391lrvKd EhadY4X/5OPS5/3dtAwIE0Cl33G0UIj4KwE739KqfXlU1BHJB63p4WN/CLnZiPEo ed0mFn/IH9QgOb1aq97VSCXFjHw8ql3IzKd0DVvmOoi487DAv7SsVqEvytinIjhv GNVdxNOt6brn2ffMuugEeERplD0n7jQT9i1lCoIuGwr4DpqYRKYXiVIwfJom8wRd /vWat5uOtRXqr/yJRKi+3RzZ5eXblfW9nOEgIbnJFBgC3tiNY5ZKyZJgi546s7tR YcpOTb1Hk2VuAJtU4sq5tvahllWzcljoPeYhjG8JuhH1Xx9z0TR2Yl4FdGeg42GD mav4hEXKGmhOr0YzqaB837zqzLgUDWdsRMkVST5QHRQ1WmSll+Wfm8NMkTkihoMg G0nZ9NbPXsKFFf4rR2HRk1qM9YUgCqnz3i7NDK56fcmbNJ42hA6+2fpX2mXPBfZ+ eOYEO26QQJY6iFGTBHoh+ujDqaQlaz+KOuRmYwy1BCDguOQNQh9un3O7IdkWgRdO MHWYBT9x+a0+rF2okO0QGV2eFmB2FERQNQszgEB5IY/lUJ8F3tU= =OdKo -----END PGP SIGNATURE-----