-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 May 2026 18:52:26 +0200 Source: exim4 Binary: exim4 exim4-config Architecture: all Version: 4.96-15+deb12u10 Distribution: bookworm-security Urgency: high Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Andreas Metzler Description: exim4 - metapackage to ease Exim MTA (v4) installation exim4-config - configuration for the Exim MTA (v4) Changes: exim4 (4.96-15+deb12u10) bookworm-security; urgency=high . * Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4. Security: PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family (12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21). Previously a frame with family=0x21 and len=0 caused 16 bytes of uninitialized stack to be formatted as the sender's IPv6 address and disclosed in the SMTP greeting banner. Affects configurations with SUPPORT_PROXY and `hosts_proxy` set. Reported by Warisjeet Singh (sin99xx). Checksums-Sha1: 5f3f7b1530d98653e942f5efa15dffbd1599678d 256772 exim4-config_4.96-15+deb12u10_all.deb 6149d2a9fc1dbb10653ab9904f20c1cc60889e02 9098 exim4_4.96-15+deb12u10_all-buildd.buildinfo 2212dad1a351eb98bfd158b6d63f45f1b519c13f 7196 exim4_4.96-15+deb12u10_all.deb Checksums-Sha256: 59dc9973e8d8947ec678456cf8f05ab1ec068ea0590a3a18504fdfbf68312038 256772 exim4-config_4.96-15+deb12u10_all.deb 0d521d8a817dd161eaa10d2b5fd06ffbb4f78a900cf6aa2765a5caa041b6247f 9098 exim4_4.96-15+deb12u10_all-buildd.buildinfo 8fc373876e8add52c13732617fed319743528b17e86e60a5fd19ece27e3f78ce 7196 exim4_4.96-15+deb12u10_all.deb Files: f261f148865ea0905acd61dbe8fa0c9d 256772 mail optional exim4-config_4.96-15+deb12u10_all.deb ff27889e2b6f2dbf04b7c305beb9913c 9098 mail standard exim4_4.96-15+deb12u10_all-buildd.buildinfo fda3fb0a98b1bcd58d4b125f442dede1 7196 mail optional exim4_4.96-15+deb12u10_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmoYd/wACgkQmgPNRvTf /zdFUA/+IIvikdmiEKYUj1ywp9/OVffn2DJFZRUF19Uoq5KDu0G4NewtMRlBxaHm LIMStvVwd/ic3tt5M6EOpeT3Zwh5YN4yfbfxhfJKy+l6MFnTmTANuRfB/y0SC6cQ tH2PyfpgFPrpXseWixkuuSZtD67CRq4B5+Iyw4PLlKllm9C5acYP+uHFMr/Ye8Yq FktoaE86X73DcTeq1ih6wWsFKZ13l50+0iF5qmLITyRj5NMZMK0JNMGTlxGkdXQL MjQt5TeRtBWY000lPu4yoV9T8mJiD+U5jsQjqDr+2whL0lGHKWwEP1A5SELS2tzc 6cJndynaydHW2deoXS2gFZ/5H1yryt9fz4QU30EeJDEKB6ivKbvSDNaSabYYrkx8 3KEAERiEOan8PaWcAHBuNrvtz7hwcaefO27zCcG9yRt9oFKTPTnk/UDaXgefedMC gtlRQGvLAyiXqS1i3PAWda+h7dbZeGrZOHDOEwCiW8dejiJyCNZ443hX/Ks+LX2U ifsXk8FK7dxE4fz9sGHS2BAN+S8LPptaXb182Ylh0IiYYL85zw5or2VrazaHISmn tQ4VpuQGfRcrYZSIkkwfUrtVOKS6svvNO1EGITdAJwMIrYuLCpSZY73oBdlddcHC WdGUkk87wpHxs/Mvrp2uJSAp5g2s4N7wJLwua6hSrWfDaJ5vYhw= =3pK2 -----END PGP SIGNATURE-----