Format: 1.8
Date: Sat, 02 May 2026 11:33:47 +0200
Source: exim4
Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym
Architecture: armhf
Version: 4.96-15+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: armhf Build Daemon (arm-conova-03)
Changed-By: Andreas Metzler
Description:
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 1134984
Changes:
 exim4 (4.96-15+deb12u8) bookworm; urgency=medium
 .
   * Fix GnuTLS hostname verify of a server certificate with a zero-length
     Subject. Patch from upstream GIT master (Closes: #1134984)
   * Pull CVE-fixes from 4.99.2
     +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc
      On systems using musl libc (not glibc) due to an oddity in octal
      printing it is possible to crash the connection instance when
      malformed DNS data is present in PTR records.
     +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header
      configurations using json operators on invalid externally-provided
      input could trigger heap corruption.
     +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters
      configurations using utf8 operators on malformed utf8 in headers
      could trigger OOB reads and might trigger some data leak if error
      messages are required for subsequent emails in the current
      connection and similar malformed headers are present.
     +CVE-2026-40687 Possible OOB read/write with SPA authenticator
      in configurations using the SPA authentication driver to a
      hostile/compromised external SPA/NTLM connection it is possible to
      trigger an OOB read/write and crash the connection instance or
      possibly leak heap data to the instance.
     +As a pre-dependency to the patchset also add the fix for upstream
      Bug 3106 from 4.99.