Format: 1.8
Date: Sat, 02 May 2026 11:33:47 +0200
Source: exim4
Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym
Architecture: i386
Version: 4.96-15+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Andreas Metzler
Description:
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 1134984
Changes:
 exim4 (4.96-15+deb12u8) bookworm; urgency=medium
 .
   * Fix GnuTLS hostname verify of a server certificate with a zero-length
     Subject. Patch from upstream GIT master (Closes: #1134984)
   * Pull CVE-fixes from 4.99.2
     +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc
      On systems using musl libc (not glibc) due to an oddity in octal
      printing it is possible to crash the connection instance when
      malformed DNS data is present in PTR records.
     +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header
      configurations using json operators on invalid externally-provided
      input could trigger heap corruption.
     +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters
      configurations using utf8 operators on malformed utf8 in headers
      could trigger OOB reads and might trigger some data leak if error
      messages are required for subsequent emails in the current
      connection and similar malformed headers are present.
     +CVE-2026-40687 Possible OOB read/write with SPA authenticator
      in configurations using the SPA authentication driver to a
      hostile/compromised external SPA/NTLM connection it is possible to
      trigger an OOB read/write and crash the connection instance or
      possibly leak heap data to the instance.
     +As a pre-dependency to the patchset also add the fix for upstream
      Bug 3106 from 4.99.