Format: 1.8
Date: Wed, 27 May 2026 18:52:26 +0200
Source: exim4
Architecture: source
Version: 4.96-15+deb12u10
Distribution: bookworm-security
Urgency: high
Maintainer: Exim4 Maintainers
Changed-By: Andreas Metzler
Changes:
 exim4 (4.96-15+deb12u10) bookworm-security; urgency=high
 .
   * Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4.
     Security: PROXYv2 parser: reject PROXY frames whose declared payload
     length is too short for the claimed address family (12 bytes for
     TCPv4/0x11, 36 bytes for TCPv6/0x21). Previously a frame with
     family=0x21 and len=0 caused 16 bytes of uninitialized stack to be
     formatted as the sender's IPv6 address and disclosed in the SMTP
     greeting banner. Affects configurations with SUPPORT_PROXY and
     `hosts_proxy` set. Reported by Warisjeet Singh (sin99xx).
Checksums-Sha1:
 b3e376cab8722ef0278336b19001a18136a0091f 2927 exim4_4.96-15+deb12u10.dsc
 1ff8dd1f32c8448824fb82371f55c4626b3485f3 520300 exim4_4.96-15+deb12u10.debian.tar.xz
Checksums-Sha256:
 3904d44f94b8a9bc76911f882aa13dc45c842c34c6204c1f707a867fb47ac622 2927 exim4_4.96-15+deb12u10.dsc
 06c9e3c699a4171e7765369e87a883861252a70f436675d214ade95ee4435050 520300 exim4_4.96-15+deb12u10.debian.tar.xz
Files:
 76d06816770ed9c062942ccb8be11b78 2927 mail standard exim4_4.96-15+deb12u10.dsc
 e9ae3fc3fc2d975bf9eaab9da0256e3b 520300 mail standard exim4_4.96-15+deb12u10.debian.tar.xz
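The length check described in the changelog entry above, shown as an added example; this is not Exim's code or the upstream patch. The function name `pp2_parse` and the result codes are hypothetical, and the header layout (12-byte signature, version/command byte, family byte, 16-bit big-endian length) follows the PROXY protocol v2 specification.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define PP2_HDR_LEN 16  /* 12-byte signature, ver/cmd, family, 2-byte length */
static const uint8_t PP2_SIG[12] =
    { '\r', '\n', '\r', '\n', 0, '\r', '\n', 'Q', 'U', 'I', 'T', '\n' };

/* Hypothetical result codes for this example. */
enum pp2_result { PP2_OK, PP2_TRUNCATED, PP2_BAD_SIG, PP2_BAD_VERSION,
                  PP2_SHORT_PAYLOAD, PP2_UNSUPPORTED };

/* Parse one frame from buf[0..n); on PP2_OK, src holds the sender address. */
enum pp2_result pp2_parse(const uint8_t *buf, size_t n, char *src, size_t srclen)
{
    size_t len, need;
    int af;
    if (n < PP2_HDR_LEN) return PP2_TRUNCATED;
    if (memcmp(buf, PP2_SIG, sizeof PP2_SIG) != 0) return PP2_BAD_SIG;
    if ((buf[12] & 0xF0) != 0x20) return PP2_BAD_VERSION;

    switch (buf[13]) {                            /* address family / transport */
    case 0x11: af = AF_INET;  need = 12; break;   /* TCPv4: 4+4+2+2 */
    case 0x21: af = AF_INET6; need = 36; break;   /* TCPv6: 16+16+2+2 */
    default:   return PP2_UNSUPPORTED;
    }
    len = ((size_t)buf[14] << 8) | buf[15];       /* declared payload length */
    /* The check from the changelog: declared length must cover the family. */
    if (len < need) return PP2_SHORT_PAYLOAD;
    /* The bytes must also have arrived before the address is read. */
    if (n - PP2_HDR_LEN < len) return PP2_TRUNCATED;
    if (!inet_ntop(af, buf + PP2_HDR_LEN, src, (socklen_t)srclen))
        return PP2_UNSUPPORTED;                   /* srclen too small */
    return PP2_OK;
}

int main(void)
{
    /* Constructed frame: family 0x21 (TCPv6) with declared length 0. */
    uint8_t f[PP2_HDR_LEN] = { '\r', '\n', '\r', '\n', 0, '\r', '\n',
                               'Q', 'U', 'I', 'T', '\n', 0x21, 0x21, 0, 0 };
    char src[INET6_ADDRSTRLEN];
    printf("result=%d (PP2_SHORT_PAYLOAD=%d)\n",
           (int)pp2_parse(f, sizeof f, src, sizeof src), (int)PP2_SHORT_PAYLOAD);
    return 0;
}
```

Both comparisons are needed: the first rejects a frame whose own length field contradicts its family, the second rejects a frame that declares enough bytes but has not delivered them.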