[From nobody Sun May 3 17:33:05 2026 Received: (at 1134984-close) by bugs.debian.org; 3 May 2026 16:32:07 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 74; hammy, 150; neutral, 204; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:58494) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wJZjj-004wo6-29 for 1134984-close@bugs.debian.org; Sun, 03 May 2026 16:32:07 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wJZjk-002302-13 for 1134984-close@bugs.debian.org; Sun, 03 May 2026 16:32:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=FYBMaxwYiRKsS18lZRR1q/Wru3UBs7nt9VtkdDRSaOU=; b=SvsjkGUw13VugXMemLyXHcWqiN GTIUkLWdbqoVyriBTDPpNxjdCoJrpbOXua4iB8YXdvLWufOk5sZx8AGzg6uiRI3WrRHsjnVI5kaqI 5lFryBLQJkddXos1pXL9Zu9A8qq8a6WlvnAL6i/X+VxebQKy3IddZlT3jehYU9GH7Z1kfxxKbfmpG vrMMTweWv7On2z0SZ8wi1YX8Os7K/fjdSDdAT4YF1Bqz183PM3CmZSROehZfi7ZuwqEIR7jJmjIFv J28CILW56VO1bChUTz+V8exFgYAggofQkVvp9MjClZ44qKRm/DGP3e3HewdEX3svOsAXzUayI/Psl giQkU0jA==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wJZji-00000009X8l-23hn; Sun, 03 May 2026 16:32:06 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Andreas Metzler <ametzler@debian.org> To: 1134984-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: exim4 Debian: DAK Debian-Changes: exim4_4.98.2-1+deb13u1_multi.changes Debian-Source: exim4 Debian-Version: 4.98.2-1+deb13u1 Debian-Architecture: source Debian-Suite: proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1134984: fixed in exim4 4.98.2-1+deb13u1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============4258225813564843579==" Message-Id: <E1wJZji-00000009X8l-23hn@fasolo.debian.org> Date: Sun, 03 May 2026 16:32:06 +0000 --===============4258225813564843579== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: exim4 Source-Version: 4.98.2-1+deb13u1 Done: Andreas Metzler <ametzler@debian.org> We believe that the bug you reported is fixed in the latest version of exim4, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1134984@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametzler@debian.org> (supplier of updated exim4 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 May 2026 11:31:20 +0200 Source: exim4 Architecture: source Version: 4.98.2-1+deb13u1 Distribution: trixie Urgency: medium Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Closes: 1134984 Changes: exim4 (4.98.2-1+deb13u1) trixie; urgency=3Dmedium . * Fix GnuTLS hostname verify of a server certificate with a zero-length Subject. Patch from upstream GIT master (Closes: #1134984) * Pull CVE-fixes from 4.99.2 +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc On systems using musl libc (not glibc) due to an oddity in octal printing it is possible to crash the connection instance when malformed DNS data is present in PTR records. +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header configurations using json operators on invalid externally-provided input could trigger heap corruption. +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters configurations using utf8 operators on malformed utf8 in headers could trigger OOB reads and might trigger some data leak if error messages are required for subsequent emails in the current connection and similar malformed headers are present. +CVE-2026-40687 Possible OOB read/write with SPA authenticator in configurations using the SPA authentication driver to a hostile/compromised external SPA/NTLM connection it is possible to trigger an OOB read/write and crash the connection instance or possibly leak heap data to the instance. Checksums-Sha1:=20 7c7ed3e5a10ef5de08f0dfff8e5972a79caff163 2929 exim4_4.98.2-1+deb13u1.dsc 67aec85babe34388344c3725a84bf2e08ebdd63a 489460 exim4_4.98.2-1+deb13u1.debia= n.tar.xz Checksums-Sha256:=20 dfc63bb64d022e9f0282033f9523ef84b7e30e4f1adaed9b774b2ee041a50d0b 2929 exim4_= 4.98.2-1+deb13u1.dsc d27da3d7fa1dd1b0c57f96b045c8709ce9d245bd6cce3e4adb520a3bfbf5d302 489460 exim= 4_4.98.2-1+deb13u1.debian.tar.xz Files:=20 02e87a0a40b6b7af9c1f1d2ce97645ea 2929 mail standard exim4_4.98.2-1+deb13u1.d= sc 7d03630deaf880609248c00b0426ec97 489460 mail standard exim4_4.98.2-1+deb13u1= .debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmn3L7QACgkQpU8BhUOC FIQtEw/+O/mGpPwZN32br2j0SulXZjWNOAsvuyv4q23ptud3oDqaCZkF9sZkOkid ECX6040xGlaVif425nuT0KvofQxTuufIoAikr53KMEwE6X90We5qswv4GFFMV6g8 v3KYR1u+loU8MhYnlfeNmN9Plb26AZ9xp/T7W11TdavpmW47u8/zbkZJmzM3H+dv CYY8jnaS6n8fMq3kdfD54QmfDYsY4vH49RYSVRcni8uiBZOanrmUsr9F49UtsFuX z+nEl+Vq35oH7/tP/PdaL1qSOENDltac4pGfctPtdEp45vi0JVqLY73ISV+d/peD HT+zB19FtrxNEPW4eIVnFQ8vOY9Dn5RldyW4H66wdiodDmcn/XGJCZjNtJjHzZEE LP0VXjMh4HrXJ8ZHrc/4R/KFnNxCECg1YnjY4lCoYfUoBerqt0AAod0pStznj9Yf NtooogZrZR5Oqa11WH3TQyOPCFdg73fNmJdw1qrHzLgEXfkpauozzSMnMqeJiA7K jYt754WzL7PFF9uSyxig7j8aXmzwUH2jGSMtc2JSAz6uLVlRSK5YHEIlMlHISUc/ iTtHEBai99UTmA7RtczSuq60TfKgsKkD5G6Qm/wLkVqhyk3CIZzY7VZjnKouis8D dyQIVXdx/d3ANv9bZo2Z/9HQ+a0HOUwKg28nmJ4Onhwuk7Mw3m4=3D =3Dv4Me -----END PGP SIGNATURE----- --===============4258225813564843579== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCafd4hgAKCRCb9qggYcy5 IdIOAP9vvggP9VKCN17SnvZ6qNAxtdSQwS3pWYKXk+7OeE4acQEAwTbEvWypZn7a X5lqcjvyr5mRnv8ybHR6G4BmONWJ5AM= =aCNe -----END PGP SIGNATURE----- --===============4258225813564843579==-- ]