-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 May 2026 11:33:47 +0200
Source: exim4
Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym
Architecture: arm64
Version: 4.96-15+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: arm64 Build Daemon (arm-conova-03)
Changed-By: Andreas Metzler
Description:
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 1134984
Changes:
 exim4 (4.96-15+deb12u8) bookworm; urgency=medium
 .
   * Fix GnuTLS hostname verify of a server certificate with a zero-length
     Subject. Patch from upstream GIT master (Closes: #1134984)
   * Pull CVE-fixes from 4.99.2
     +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc
      On systems using musl libc (not glibc) due to an oddity in octal
      printing it is possible to crash the connection instance when
      malformed DNS data is present in PTR records.
     +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header
      configurations using json operators on invalid externally-provided
      input could trigger heap corruption.
     +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters
      configurations using utf8 operators on malformed utf8 in headers
      could trigger OOB reads and might trigger some data leak if error
      messages are required for subsequent emails in the current
      connection and similar malformed headers are present.
     +CVE-2026-40687 Possible OOB read/write with SPA authenticator
      in configurations using the SPA authentication driver to a
      hostile/compromised external SPA/NTLM connection it is possible to
      trigger an OOB read/write and crash the connection instance or
      possibly leak heap data to the instance.
     +As a pre-dependency to the patchset also add the fix for upstream
      Bug 3106 from 4.99.