Format: 1.8
Date: Sat, 02 May 2026 11:33:47 +0200
Source: exim4
Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym
Architecture: armel
Version: 4.96-15+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: armel Build Daemon (arm-conova-02)
Changed-By: Andreas Metzler
Description:
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 1134984
Changes:
 exim4 (4.96-15+deb12u8) bookworm; urgency=medium
 .
   * Fix GnuTLS hostname verify of a server certificate with a zero-length
     Subject. Patch from upstream GIT master (Closes: #1134984)
   * Pull CVE-fixes from 4.99.2
     +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc
      On systems using musl libc (not glibc) due to an oddity in octal
      printing it is possible to crash the connection instance when
      malformed DNS data is present in PTR records.
     +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header
      configurations using json operators on invalid externally-provided
      input could trigger heap corruption.
     +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters
      configurations using utf8 operators on malformed utf8 in headers
      could trigger OOB reads and might trigger some data leak if error
      messages are required for subsequent emails in the current
      connection and similar malformed headers are present.
     +CVE-2026-40687 Possible OOB read/write with SPA authenticator
      in configurations using the SPA authentication driver to a
      hostile/compromised external SPA/NTLM connection it is possible to
      trigger an OOB read/write and crash the connection instance or
      possibly leak heap data to the instance.
     +As a pre-dependency to the patchset also add the fix for upstream
      Bug 3106 from 4.99.