-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 May 2026 11:33:47 +0200 Source: exim4 Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: mipsel Version: 4.96-15+deb12u8 Distribution: bookworm Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Andreas Metzler Description: exim4-base - support files for all Exim MTA (v4) packages exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Closes: 1134984 Changes: exim4 (4.96-15+deb12u8) bookworm; urgency=medium . * Fix GnuTLS hostname verify of a server certificate with a zero-length Subject. Patch from upstream GIT master (Closes: #1134984) * Pull CVE-fixes from 4.99.2 +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc On systems using musl libc (not glibc) due to an oddity in octal printing it is possible to crash the connection instance when malformed DNS data is present in PTR records. +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header configurations using json operators on invalid externally-provided input could trigger heap corruption. +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters configurations using utf8 operators on malformed utf8 in headers could trigger OOB reads and might trigger some data leak if error messages are required for subsequent emails in the current connection and similar malformed headers are present. +CVE-2026-40687 Possible OOB read/write with SPA authenticator in configurations using the SPA authentication driver to a hostile/compromised external SPA/NTLM connection it is possible to trigger an OOB read/write and crash the connection instance or possibly leak heap data to the instance. +As a pre-dependeny to the patchset also add the fix for upstream Bug 3106 from 4.99. Checksums-Sha1: 3d044fdf434d31e9cf7a13cbf83e090f80c4c51a 130460 exim4-base-dbgsym_4.96-15+deb12u8_mipsel.deb 5df81cd453c2db5d4f815d810527d5ea86f6b260 1117172 exim4-base_4.96-15+deb12u8_mipsel.deb 7ba40738934c26b4bcc5315e58f4884427fdeaec 1648376 exim4-daemon-heavy-dbgsym_4.96-15+deb12u8_mipsel.deb 00f270471372d1a20481606a43fcb46b76f70ec4 590244 exim4-daemon-heavy_4.96-15+deb12u8_mipsel.deb 0f0f96f5935deac9e78fc74ee2355c21973c7616 1449844 exim4-daemon-light-dbgsym_4.96-15+deb12u8_mipsel.deb ddb3f18c2161af5f79365228caf93564446f5d9d 538648 exim4-daemon-light_4.96-15+deb12u8_mipsel.deb ccaa7b52709da215eddf51dcfc511e1caff7b8b7 39128 exim4-dev_4.96-15+deb12u8_mipsel.deb b41aaaad66900a28d2030f48adb8689ec9b5cb25 11111 exim4_4.96-15+deb12u8_mipsel-buildd.buildinfo cf325f78942f3f0b03578809a29d5016c7bc02bf 140700 eximon4-dbgsym_4.96-15+deb12u8_mipsel.deb 4d19017c875ffb38ce6d95e324e3f39c00a07bbd 71480 eximon4_4.96-15+deb12u8_mipsel.deb Checksums-Sha256: 7c3f07677c8ae982679c8c3b9ec35e43f258dfd434461d7b9ff8424ba1d58550 130460 exim4-base-dbgsym_4.96-15+deb12u8_mipsel.deb 05071d8894ac1449643cdd2537ca99a470f0a563f0551ff5643160ac223e45f9 1117172 exim4-base_4.96-15+deb12u8_mipsel.deb 39aa9076b12858a79404fb028f628beff405ade5c4d8f295e5f4e44e32e90688 1648376 exim4-daemon-heavy-dbgsym_4.96-15+deb12u8_mipsel.deb d5085fe3a5ffb49f5ba49790562ebb7ee0ba7349885a8738fa78c797389ba2ab 590244 exim4-daemon-heavy_4.96-15+deb12u8_mipsel.deb 32463c080b3e6585cdbf92a54f09c9662fdfccaef94948ab6270e7050f80f0f1 1449844 exim4-daemon-light-dbgsym_4.96-15+deb12u8_mipsel.deb 64599931d36f0a4dbe68b80a3883c1a82ccad527f3606f27eec8c7c2d48cc05d 538648 exim4-daemon-light_4.96-15+deb12u8_mipsel.deb b2d020712da8e481bb898eff99ea499172dcfaeb3b6fc988ce88acef2a1eaedc 39128 exim4-dev_4.96-15+deb12u8_mipsel.deb d66399a6857eb3919ad364326f77642cdfbf8adb5bb55f35150966e9903e76f0 11111 exim4_4.96-15+deb12u8_mipsel-buildd.buildinfo 1f6e29711adf237b1e70dafe653c4df489af06462bb3bfccb1b189221fe85008 140700 eximon4-dbgsym_4.96-15+deb12u8_mipsel.deb 0f136cf6f1844da0974050484e71f85f5b00a7e41272ff09807a2af37cff9f29 71480 eximon4_4.96-15+deb12u8_mipsel.deb Files: 68f790ff37acc0bcdd6c56d8e0896386 130460 debug optional exim4-base-dbgsym_4.96-15+deb12u8_mipsel.deb 5f42ef0d31b425e03ed592d6eeb55316 1117172 mail optional exim4-base_4.96-15+deb12u8_mipsel.deb 71c13b78bc9d1362d801990924239c65 1648376 debug optional exim4-daemon-heavy-dbgsym_4.96-15+deb12u8_mipsel.deb 8f20e8d716d70eaec5993290cbcfacee 590244 mail optional exim4-daemon-heavy_4.96-15+deb12u8_mipsel.deb b6a8ea66ca590b510b5d615d384c766a 1449844 debug optional exim4-daemon-light-dbgsym_4.96-15+deb12u8_mipsel.deb 069c0b076a6d7322c6b27ee0937d7cab 538648 mail optional exim4-daemon-light_4.96-15+deb12u8_mipsel.deb f6b93f782256f7c95508ef6f2d2856d8 39128 mail optional exim4-dev_4.96-15+deb12u8_mipsel.deb b0e27cb5cce2e255c5169eb10d020027 11111 mail standard exim4_4.96-15+deb12u8_mipsel-buildd.buildinfo d027512610b2a3eec0a054afe30c0e6a 140700 debug optional eximon4-dbgsym_4.96-15+deb12u8_mipsel.deb 68c418b3f4f4a4c1184764c764c53ac1 71480 mail optional eximon4_4.96-15+deb12u8_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4ZxaH3zEHAF/GhnCHrk2gTKeWggFAmn3ih4ACgkQHrk2gTKe Wgjxxg//Qkq8FMNZvyOWNPeSVBERzGR23z3kbb5BUzv9FEMe5GkdDrh6qPZmGSrB FIvcDtVM1Ji18xAOpYBukPDVnaaI3sfWCxtzDEvXUQZjazqnmIjeKIQ20xnOKxb7 zt/0CdzWxqPiwJ3XxWuchjS3fbgcl4ofPtQAB2kuXWaEmAj3Mq0WamZzSkK+SgGw mpAmunXemHM3a7euPk635DmCZnjmDTRQwfW2xnqiNMxCuK9NrCgoBdK+JbYhcOuy izNdg40cVnJ1DRqKj8FnFh37m4k+MN7U7Z/yMBvAz1yiEGm5yrSoF4feiUlfDxYh CF4bNssZ65zDjr19qdeQx0S2/ElBpuF8Q9d9VGjnGJKDZ//8VzDVPFqorW2qbYap GwoTR7Vgn8Y0g5JXKtmWWE+jm6F4FyA8hJWOW07FJ0PqS7+XaqQJXlABYi2dGK52 3QxsAByk36lSzdr+vhtuJ/XgJCBPqB57XViJZUna0+19UAlTFjzUJq5RbV73KEUL Kp6k5WWvtckSzvQqHW6pEAJgb+1XPFtEWc3ZeG4x4LyuKt4ebxqI5Sy51Cykowgp Cn3eKQFEtjeesl8oJdYexlUAkU9g8p/06ITYHCGOVDxu4q9eLXK0XY4sJvFqBtSp C6uJ4mVWt+s63V92KyU3pmotIlNEw4/vwTnmwmDIJmZF2ANW89o= =W7ZV -----END PGP SIGNATURE-----