-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 May 2026 11:31:20 +0200 Source: exim4 Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: amd64 Version: 4.98.2-1+deb13u1 Distribution: trixie Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Andreas Metzler Description: exim4-base - support files for all Exim MTA (v4) packages exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Closes: 1134984 Changes: exim4 (4.98.2-1+deb13u1) trixie; urgency=medium . * Fix GnuTLS hostname verify of a server certificate with a zero-length Subject. Patch from upstream GIT master (Closes: #1134984) * Pull CVE-fixes from 4.99.2 +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc On systems using musl libc (not glibc) due to an oddity in octal printing it is possible to crash the connection instance when malformed DNS data is present in PTR records. +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header configurations using json operators on invalid externally-provided input could trigger heap corruption. +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters configurations using utf8 operators on malformed utf8 in headers could trigger OOB reads and might trigger some data leak if error messages are required for subsequent emails in the current connection and similar malformed headers are present. +CVE-2026-40687 Possible OOB read/write with SPA authenticator in configurations using the SPA authentication driver to a hostile/compromised external SPA/NTLM connection it is possible to trigger an OOB read/write and crash the connection instance or possibly leak heap data to the instance. Checksums-Sha1: 58653b34a0dda702f57db99550fd9466ee2649d0 139432 exim4-base-dbgsym_4.98.2-1+deb13u1_amd64.deb 8afbb85e154a503fb167d518aebad46ae1485f09 1141932 exim4-base_4.98.2-1+deb13u1_amd64.deb ffb5439fbedd357115d7c432470c71b8c1f61c70 1689584 exim4-daemon-heavy-dbgsym_4.98.2-1+deb13u1_amd64.deb 51240fb457834a3fb202d455ba1e7bbea0339ec1 690704 exim4-daemon-heavy_4.98.2-1+deb13u1_amd64.deb bccf9e6e00665da47357f319f9af821433371c29 1487328 exim4-daemon-light-dbgsym_4.98.2-1+deb13u1_amd64.deb 3c8d3b8d9ccd4d9e69c67ea20bca4d9a3978e990 630760 exim4-daemon-light_4.98.2-1+deb13u1_amd64.deb ba83c83632a985ae00dd6f9f191bdc7db7c3aedf 36040 exim4-dev_4.98.2-1+deb13u1_amd64.deb 540c50af2b46bc551182cabf685619354d6379d6 11264 exim4_4.98.2-1+deb13u1_amd64-buildd.buildinfo 61bc25a1ed04c6e9d1368e7054b02bf2d247f0a7 138636 eximon4-dbgsym_4.98.2-1+deb13u1_amd64.deb 16162018b66ec486ba72935bae7e0b137a16c44c 71536 eximon4_4.98.2-1+deb13u1_amd64.deb Checksums-Sha256: 7abe8011590d0969339ae7a401bb920b2fd7795be99ac88720f9d846ffc391f2 139432 exim4-base-dbgsym_4.98.2-1+deb13u1_amd64.deb 7a0bf6ac47a52131db47bb64e16642b4aa0d338708756c621d205f69d91eaf0f 1141932 exim4-base_4.98.2-1+deb13u1_amd64.deb e52c8f569a534e7dda899d7ca842aec80f7839fa8878cfbf6804ac1376c2e981 1689584 exim4-daemon-heavy-dbgsym_4.98.2-1+deb13u1_amd64.deb ff4a29f72bd81f00bf4df39e3741823a5a2bc2763c921eaf73aeac1c84e2345c 690704 exim4-daemon-heavy_4.98.2-1+deb13u1_amd64.deb d6e79989aa1f669995514c242bd175b14c389bf1eb06863d254ccd7158cbbad3 1487328 exim4-daemon-light-dbgsym_4.98.2-1+deb13u1_amd64.deb 2d4a575466ad8cb7021b32e5a216ee379a5d4beecd5acc8c9a5a41d88a9eff60 630760 exim4-daemon-light_4.98.2-1+deb13u1_amd64.deb 9aef0a0cf03b5a9708e2865526722b728d374c763f4fc94ff842acb53aca637d 36040 exim4-dev_4.98.2-1+deb13u1_amd64.deb c7ac519fcc5f42c5cf9ad2e45a5ad8c1a4b319e9493aea403ab4b072dbbabf05 11264 exim4_4.98.2-1+deb13u1_amd64-buildd.buildinfo e92e1374c203f0c6f447345a806337b511568c729ca059c9cd761c8da3072294 138636 eximon4-dbgsym_4.98.2-1+deb13u1_amd64.deb 63e4cbd1cb667cf6c28a020d6f0ac05016d395bbfafda7cf1372e9277ef693e4 71536 eximon4_4.98.2-1+deb13u1_amd64.deb Files: ea1882ad4bc86ccae66a14570ea42f65 139432 debug optional exim4-base-dbgsym_4.98.2-1+deb13u1_amd64.deb 80d45c05d5ead5ba649c2610baead4d3 1141932 mail optional exim4-base_4.98.2-1+deb13u1_amd64.deb 256de640f7271d3d4e80a17bc831c74c 1689584 debug optional exim4-daemon-heavy-dbgsym_4.98.2-1+deb13u1_amd64.deb d6b867959dc4e5ef5aa6a7d6631aeb7f 690704 mail optional exim4-daemon-heavy_4.98.2-1+deb13u1_amd64.deb 2efffaac679d37eb4e303eda4807b43e 1487328 debug optional exim4-daemon-light-dbgsym_4.98.2-1+deb13u1_amd64.deb 41490693353083b85897369c35ae9649 630760 mail optional exim4-daemon-light_4.98.2-1+deb13u1_amd64.deb ecfa665be549279206fbcbcab405b32b 36040 mail optional exim4-dev_4.98.2-1+deb13u1_amd64.deb 2c50883f6c3cb370caeff987296eaa60 11264 mail standard exim4_4.98.2-1+deb13u1_amd64-buildd.buildinfo a361e49509a6870c5182ac40052919bd 138636 debug optional eximon4-dbgsym_4.98.2-1+deb13u1_amd64.deb d09de79eef2770cefe89f2e2b269aaff 71536 mail optional eximon4_4.98.2-1+deb13u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmtr4KUMaso2EQ6NrTwt/65ON6zcFAmn3hlwACgkQTwt/65ON 6zeEvA//Sysmdpl+M4P9VMHohg3ZKgTnApueXXEC3f+1gld8BrXdIoLwmc8JtLw4 9zn74VOMbGi6flmxGfih++tgYy+JwO8HXPeQiRqJsTnAGYawBDNQezldbFuCWrQ7 aCXOOniaDizQJDYvU2OjJK30O3QUf/mApwFUtIPx9ePhP0ktCuvBARmDZptwmsV5 x+JKsIrvDI67g/2sR+0wTsnOuulI+sFgkPlXyC70bIjngOUqctuEAFJo3dqVxhBh wzxA4ht/Jo8wxOhZ/iC1DQu1kOWrqztWSf2YVeb4zlFVxF0aes/+IfcQzGfZwaCx hrd9YuEznlCkcz1KHq8zOS9E5LfOc5wF96hnkMf4NBzNAL/p8Dbz58Clew2z4JUI PFHH1hu/nlzbnPqvhcbmrchO0OpOheJ4ozi4UAcWUpjHUbniDBqkEtvxN3rGHg8i mmYcaHGG5wUV5epWZXbokmX2AduoayHozmmVXQKl4gY2L8gIrcLEvfQJkB358b91 bcw5YgmWQK1UOm6e9UL/ZWVwP4jO7A7y0KH+qVkF5hv3LgcuuDqp8vKPHmacB651 0/1xG4g5aXq1VvUmKFUCAmEvxlZBYIH1gtnDs0zIQdG7wZV8/wdpmMkfvcFXD3VY FYv26pur9rQ/+jvvUZbacfNPwpBWIQOn06PnolJLgr9U6xpsUyU= =o0kW -----END PGP SIGNATURE-----