[Git][security-tracker-team/security-tracker][master] Add assigned CVE for exim4
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 12 21:48:02 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d59d413c by Salvatore Bonaccorso at 2026-05-12T22:47:14+02:00
Add assigned CVE for exim4
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -785,13 +785,11 @@ CVE-2026-5089 (YAML::Syck versions before 1.38 for Perl has an out-of-bounds re
NOTE: https://github.com/cpan-authors/YAML-Syck/issues/132
NOTE: https://github.com/cpan-authors/YAML-Syck/pull/133
NOTE: Fixed by: https://github.com/cpan-authors/YAML-Syck/commit/208a4d3bd1b5cdb4a791a6e3905bd6bd45e9d005 (1.38)
-CVE-2026-XXXX [Exim-Security-2026-05-01.1: TLS: on rxd close with CHUNKING active, clean the input processing stack]
+CVE-2026-45185 [Exim-Security-2026-05-01.1: TLS: on rxd close with CHUNKING active, clean the input processing stack]
- exim4 4.99.2-2
- [trixie] - exim4 4.98.2-1+deb13u2
- [bookworm] - exim4 4.96-15+deb12u9
- [bullseye] - exim4 4.94.2-7+deb11u5
NOTE: https://code.exim.org/exim/exim/commit/040c1ce6889f435206677ed532c9a4185cf0bcaf
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/4
+ NOTE: https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/EXIM-Security-2026-05-01.1.txt
CVE-2026-44931
- malcontent <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/11/1
=====================================
data/DLA/list
=====================================
@@ -1,4 +1,5 @@
[12 May 2026] DLA-4580-1 exim4 - security update
+ {CVE-2026-45185}
[bullseye] - exim4 4.94.2-7+deb11u5
[11 May 2026] DLA-4579-1 python-authlib - security update
{CVE-2026-27962 CVE-2026-28490 CVE-2026-28498}
=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
[12 May 2026] DSA-6265-1 exim4 - security update
- {CVE-2026-40684 CVE-2026-40685 CVE-2026-40686 CVE-2026-40687}
+ {CVE-2026-40684 CVE-2026-40685 CVE-2026-40686 CVE-2026-40687 CVE-2026-45185}
[bookworm] - exim4 4.96-15+deb12u9
[trixie] - exim4 4.98.2-1+deb13u2
[11 May 2026] DSA-6264-1 dnsmasq - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d59d413c3938d01114174ae33f50b593c81bfd72
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d59d413c3938d01114174ae33f50b593c81bfd72
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260512/3b1ae881/attachment.htm>
More information about the debian-security-tracker-commits
mailing list