Format: 1.8
Date: Sat, 02 May 2026 11:33:47 +0200
Source: exim4
Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym
Architecture: amd64
Version: 4.96-15+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03)
Changed-By: Andreas Metzler
Description:
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev  - header files for the Exim MTA (v4) packages
 eximon4    - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 1134984
Changes:
 exim4 (4.96-15+deb12u8) bookworm; urgency=medium
 .
   * Fix GnuTLS hostname verify of a server certificate with a zero-length
     Subject. Patch from upstream GIT master (Closes: #1134984)
   * Pull CVE-fixes from 4.99.2
     + CVE-2026-40684 Possible crash with malicious DNS data when using
       musl libc
       On systems using musl libc (not glibc) due to an oddity in octal
       printing it is possible to crash the connection instance when
       malformed DNS data is present in PTR records.
     + CVE-2026-40685 Possible OOB read/write on corrupt JSON in header
       configurations using json operators on invalid externally-provided
       input could trigger heap corruption.
     + CVE-2026-40686 Possible OOB read with large UTF8 trailing characters
       configurations using utf8 operators on malformed utf8 in headers
       could trigger OOB reads and might trigger some data leak if error
       messages are required for subsequent emails in the current
       connection and similar malformed headers are present.
     + CVE-2026-40687 Possible OOB read/write with SPA authenticator
       in configurations using the SPA authentication driver to a
       hostile/compromised external SPA/NTLM connection it is possible to
       trigger an OOB read/write and crash the connection instance or
       possibly leak heap data to the instance.
     + As a pre-dependency to the patchset also add the fix for upstream
       Bug 3106 from 4.99.