Format: 1.8
Date: Sat, 02 May 2026 11:33:47 +0200
Source: exim4
Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym
Architecture: s390x
Version: 4.96-15+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: s390x Build Daemon (ziehrer)
Changed-By: Andreas Metzler
Description:
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 1134984
Changes:
 exim4 (4.96-15+deb12u8) bookworm; urgency=medium
 .
   * Fix GnuTLS hostname verify of a server certificate with a zero-length
     Subject. Patch from upstream GIT master (Closes: #1134984)
   * Pull CVE-fixes from 4.99.2
     +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc
      On systems using musl libc (not glibc) due to an oddity in octal
      printing it is possible to crash the connection instance when
      malformed DNS data is present in PTR records.
     +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header
      configurations using json operators on invalid externally-provided
      input could trigger heap corruption.
     +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters
      configurations using utf8 operators on malformed utf8 in headers
      could trigger OOB reads and might trigger some data leak if error
      messages are required for subsequent emails in the current
      connection and similar malformed headers are present.
     +CVE-2026-40687 Possible OOB read/write with SPA authenticator
      in configurations using the SPA authentication driver to a
      hostile/compromised external SPA/NTLM connection it is possible to
      trigger an OOB read/write and crash the connection instance or
      possibly leak heap data to the instance.
     +As a pre-dependency to the patchset also add the fix for upstream
      Bug 3106 from 4.99.