-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 May 2026 18:52:26 +0200 Source: exim4 Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: armhf Version: 4.96-15+deb12u10 Distribution: bookworm-security Urgency: high Maintainer: armhf Build Daemon (arm-ubc-05) Changed-By: Andreas Metzler Description: exim4-base - support files for all Exim MTA (v4) packages exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Changes: exim4 (4.96-15+deb12u10) bookworm-security; urgency=high . * Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4. Security: PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family (12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21). Previously a frame with family=0x21 and len=0 caused 16 bytes of uninitialized stack to be formatted as the sender's IPv6 address and disclosed in the SMTP greeting banner. Affects configurations with SUPPORT_PROXY and `hosts_proxy` set. Reported by Warisjeet Singh (sin99xx). Checksums-Sha1: 6232e6fe1746d03056b336b6ec12221b2d2c1ba2 128964 exim4-base-dbgsym_4.96-15+deb12u10_armhf.deb faf637123fe012dd1f3cf47ece90b3c5bcdf52af 1114932 exim4-base_4.96-15+deb12u10_armhf.deb f3c79e976e6adbd37b33aff931d0b68e7d22add8 1588400 exim4-daemon-heavy-dbgsym_4.96-15+deb12u10_armhf.deb f2d0f598ba47007cf21d3bc232c1f857f88c4d16 613920 exim4-daemon-heavy_4.96-15+deb12u10_armhf.deb cd7695cec161e4b67a1ccca2d097e134f6931ce4 1390668 exim4-daemon-light-dbgsym_4.96-15+deb12u10_armhf.deb 1cd48a0cde0c38c3aea8645aff6457fed112b1df 559072 exim4-daemon-light_4.96-15+deb12u10_armhf.deb 77cf9f57e72a13034bf451af1431d2dfa8cde79c 39468 exim4-dev_4.96-15+deb12u10_armhf.deb dd259566926fcb623a84144474c1ab77ec41f426 11204 exim4_4.96-15+deb12u10_armhf-buildd.buildinfo c7147aa2a3e90a9435fb483838e5e00fd15b5dcf 136140 eximon4-dbgsym_4.96-15+deb12u10_armhf.deb 9f8866abf1e8bdf1b514c3e885f897b017754faa 70400 eximon4_4.96-15+deb12u10_armhf.deb Checksums-Sha256: 571d6e8ee4d131ab55af5d8c7142156e9b2a8ef58fbb0d0cbe18e7b4e091cc6a 128964 exim4-base-dbgsym_4.96-15+deb12u10_armhf.deb d95e52b7f3fcc5dd71685191f3d6cc94b5e31df14732dd2a43f43f00b8b10a23 1114932 exim4-base_4.96-15+deb12u10_armhf.deb 5e58f28c50b59ed129f3a8e6b11e22df56dd96608df354ad8ac6800442284d90 1588400 exim4-daemon-heavy-dbgsym_4.96-15+deb12u10_armhf.deb e48bdefcfe9049038ca2d9f9d096febd064552386da9568190789bf31486e494 613920 exim4-daemon-heavy_4.96-15+deb12u10_armhf.deb 1d02344f2e2cdde0d4c64c2146443f75fc2a8ec4f8d52dfd15f64f71cf16ee5b 1390668 exim4-daemon-light-dbgsym_4.96-15+deb12u10_armhf.deb c91fa26c12752121c44ad9e125a5f3aeb2b3c88f734dcc9dc20954c6030dc2c5 559072 exim4-daemon-light_4.96-15+deb12u10_armhf.deb 9e60b798cf7fc9a63a4f9bf5204cfbc171d00303d2a0d1dee3393d9135ae3cef 39468 exim4-dev_4.96-15+deb12u10_armhf.deb 710a92f396e5c17005a86b2cca62d7dca176b6340f6d30cc4e2493078648c919 11204 exim4_4.96-15+deb12u10_armhf-buildd.buildinfo 44f493f589c1fec040282efc4229e0f2c3b02ecfe0aec8653fbda090dd360206 136140 eximon4-dbgsym_4.96-15+deb12u10_armhf.deb c42b1d5cba712b2e4c525d58d6519d7cb90aec03fea9d0238537619a573a660c 70400 eximon4_4.96-15+deb12u10_armhf.deb Files: a299388ad75f880ebff0c7acdb2dce9b 128964 debug optional exim4-base-dbgsym_4.96-15+deb12u10_armhf.deb ec789e83ac87a0f2a916bf64736e4ddb 1114932 mail optional exim4-base_4.96-15+deb12u10_armhf.deb d9233a87ea97ac8520d289a38670d86d 1588400 debug optional exim4-daemon-heavy-dbgsym_4.96-15+deb12u10_armhf.deb 029cad2856b3c1137b3ecca2c35d7e3b 613920 mail optional exim4-daemon-heavy_4.96-15+deb12u10_armhf.deb 09a4d92fcc601f807500846128f79581 1390668 debug optional exim4-daemon-light-dbgsym_4.96-15+deb12u10_armhf.deb d1700a9871d977eddbe8ffb966c1c26b 559072 mail optional exim4-daemon-light_4.96-15+deb12u10_armhf.deb 2056b64a829f5bd04ac88fc8f0a5c706 39468 mail optional exim4-dev_4.96-15+deb12u10_armhf.deb a01745932adef6f05897bef7baf316b4 11204 mail standard exim4_4.96-15+deb12u10_armhf-buildd.buildinfo 941d17554a8134d5fa38278b144bd588 136140 debug optional eximon4-dbgsym_4.96-15+deb12u10_armhf.deb 602352dd6ae8714182902d7a32cf7651 70400 mail optional eximon4_4.96-15+deb12u10_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7rv+l3KtZdQea77lnwznazfjXToFAmoYd+gACgkQnwznazfj XToU4Q//YCBZYQ1Kn5SAslgbE4MJz0YQXHDXm7y2Rh2/d0+thh0g2qY23Fe1L2Se OIq5RZfXEYoR/QTcHTTSDqZLcy58gQE6DuQCAkhESg72UdcGV0skk1cnYh/7tY8l QodrWoZlgAY5eWe8Mu+yozeZhJjxyOSDM2OrkmP4bP2Zx40jNQaEyF6JeickPi6c YNvyJDfVnVkOkN3Ky2N0lN5DE8MmfrII5RCdcJ9fgBLT5JK5HXO84U8+GCQA0rgm Zlm9aDQZp4zVRawMTYZTtrzyQb52oZWKOsmXQct813viWV3jlN++t2oq7apnRBI4 Z4hNzZHGN0D7+9mnmNAoSt8BxjuuebIHV7pkBe3mV4lG+LwMTGrJxHfW/qryS0xG fE6aOcw6rAzFIbrElgaKKKtBxe+SoPKlmeVr3tagqQygtuo8DNsYe6QVCL8C4+96 +sCfPxshnVRK6wVfTPq5c9xxTJh5daYhhGnyYEayl08e7nNedunIomFPun8U8nnV OzGKqMDq2USdB+Ecade0Ug3OQsmIsplm2N16lFLGwI9IZeZNVIRA65mrQrmZrV+N ZT64AMc3t9O+i/68ypZmjCOR3I5JLBHFCnubHY29E5qqGqTpf2EYyIICuKkcBldC O12H1sGw7XeMSaHE5ZfhExSgxzR3DbQ6kY+Vz6cmJ+gJIhE7/xk= =Szfd -----END PGP SIGNATURE-----