-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 May 2026 11:33:47 +0200 Source: exim4 Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: mips64el Version: 4.96-15+deb12u8 Distribution: bookworm Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Andreas Metzler Description: exim4-base - support files for all Exim MTA (v4) packages exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Closes: 1134984 Changes: exim4 (4.96-15+deb12u8) bookworm; urgency=medium . * Fix GnuTLS hostname verify of a server certificate with a zero-length Subject. Patch from upstream GIT master (Closes: #1134984) * Pull CVE-fixes from 4.99.2 +CVE-2026-40684 Possible crash with malicious DNS data when using musl libc On systems using musl libc (not glibc) due to an oddity in octal printing it is possible to crash the connection instance when malformed DNS data is present in PTR records. +CVE-2026-40685 Possible OOB read/write on corrupt JSON in header configurations using json operators on invalid externally-provided input could trigger heap corruption. +CVE-2026-40686 Possible OOB read with large UTF8 trailing characters configurations using utf8 operators on malformed utf8 in headers could trigger OOB reads and might trigger some data leak if error messages are required for subsequent emails in the current connection and similar malformed headers are present. +CVE-2026-40687 Possible OOB read/write with SPA authenticator in configurations using the SPA authentication driver to a hostile/compromised external SPA/NTLM connection it is possible to trigger an OOB read/write and crash the connection instance or possibly leak heap data to the instance. +As a pre-dependeny to the patchset also add the fix for upstream Bug 3106 from 4.99. Checksums-Sha1: 805691eddd9e4f31c8a25b0a02640345b90c1987 131152 exim4-base-dbgsym_4.96-15+deb12u8_mips64el.deb 5679de6cd778bd1accd6e337b2e30fab7e20c12a 1117708 exim4-base_4.96-15+deb12u8_mips64el.deb fbd319decfe72b7e6a56ad2be415328b1779ff99 1681704 exim4-daemon-heavy-dbgsym_4.96-15+deb12u8_mips64el.deb 29447d919746b3c3c2a7145a04fc161b20ed9787 586212 exim4-daemon-heavy_4.96-15+deb12u8_mips64el.deb 0b41fc0b69cc060fe99b7da20829945973c0ebba 1480172 exim4-daemon-light-dbgsym_4.96-15+deb12u8_mips64el.deb a0b9d206b48b4f99142e040a362c27caada34470 534792 exim4-daemon-light_4.96-15+deb12u8_mips64el.deb 9bacc37f9c4350fecaa25c7888546d35bd31d56a 39116 exim4-dev_4.96-15+deb12u8_mips64el.deb 39d1da259d891cdf42b2588c975960538c2d1fe4 11176 exim4_4.96-15+deb12u8_mips64el-buildd.buildinfo a89cc7e07512801614b95dbea68ce79518d8e98e 142888 eximon4-dbgsym_4.96-15+deb12u8_mips64el.deb 8ddb384e1fdc7f09baaad5092bacf655c8b10fbb 71768 eximon4_4.96-15+deb12u8_mips64el.deb Checksums-Sha256: d3ebe9c5b66706f874e260b160fa0a73d53e02c01a71b90ddcb42e4f1f24db94 131152 exim4-base-dbgsym_4.96-15+deb12u8_mips64el.deb d1fc205a4aeabac7a42d2eca77ea961eebf6f17cf9ff52670f1dd3de9e583f22 1117708 exim4-base_4.96-15+deb12u8_mips64el.deb dc0d301f39d25ab6d308ff5ae3af0e8d801b1bf3e5676e539624dd5a3cfa7198 1681704 exim4-daemon-heavy-dbgsym_4.96-15+deb12u8_mips64el.deb b7f971d63d27939fdbb962ca2f819f44b177da00efc9c74dce86f0ae1dcb8ec1 586212 exim4-daemon-heavy_4.96-15+deb12u8_mips64el.deb fd7a46d0b58ef72bbdac3a4b7aad76a2a31080247c61c97081318dca3600f84e 1480172 exim4-daemon-light-dbgsym_4.96-15+deb12u8_mips64el.deb 88e90baf456378856a036dff2992c80cd8e7b7709132fa9cab7ecf2d425ee279 534792 exim4-daemon-light_4.96-15+deb12u8_mips64el.deb 133e427fefdba74c48e59e9342b45e262c88d69c0794c89abb6106d3db07e378 39116 exim4-dev_4.96-15+deb12u8_mips64el.deb 778b65128a9b0db52ddf150078d9d4387f7de96ac345f7fb76fe23e518d5287e 11176 exim4_4.96-15+deb12u8_mips64el-buildd.buildinfo 36edf662842faa56fee29d874fe05473dc0142b26a21d32fed06aae25c92379f 142888 eximon4-dbgsym_4.96-15+deb12u8_mips64el.deb c73eb4a88119cf0fc53bc459ed0a143c9506833dc46a64c5b46508402ca137f1 71768 eximon4_4.96-15+deb12u8_mips64el.deb Files: 5fd8c14ee0e1f28496d75e9d99c0d24f 131152 debug optional exim4-base-dbgsym_4.96-15+deb12u8_mips64el.deb e5b0b9cf7f76098be68e22c33129f198 1117708 mail optional exim4-base_4.96-15+deb12u8_mips64el.deb e49ed7950fdd3223ff3630a795860bfe 1681704 debug optional exim4-daemon-heavy-dbgsym_4.96-15+deb12u8_mips64el.deb 9d5f76c817161396b6eaeb1dde516bb5 586212 mail optional exim4-daemon-heavy_4.96-15+deb12u8_mips64el.deb 38acb7c4d04978fe1c0dd1de5312c52a 1480172 debug optional exim4-daemon-light-dbgsym_4.96-15+deb12u8_mips64el.deb 4843a3371ff1c863e477bb1aa315d5ab 534792 mail optional exim4-daemon-light_4.96-15+deb12u8_mips64el.deb 99cf38b4e82a5cea4da22f5d779ff88a 39116 mail optional exim4-dev_4.96-15+deb12u8_mips64el.deb 784e69d7523af6bbbc60de9692b5818e 11176 mail standard exim4_4.96-15+deb12u8_mips64el-buildd.buildinfo 96e52b7948ce5d0e5d3b12a668ec24cf 142888 debug optional eximon4-dbgsym_4.96-15+deb12u8_mips64el.deb 4cdf73a5c4b9af6b1a7be9a4ba83ca49 71768 mail optional eximon4_4.96-15+deb12u8_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7sd7jtCtE5bBJ1Hx/qmHKZssfSAFAmn3hpoACgkQ/qmHKZss fSDLXhAAsu1D8WXZ77nDgUKbJ3EPqSLmSDqfamyb5FSiJ5gtLQ3Or/utVb8OnTnC pKlF/+odq3LLpzf5IPY3tY2wx4TUR9uNieV12diGYjBRcJsWtB4Q75cS/s3hR3za HE+So3yOuRDB25glj2iZHmHqu8Gq5Pv1ssQvEF5vT9vkRFoRhroEGbhDN4Dusasm KkbTR79tb6JnqWOWk3OdXX4ldhbOCDuCKUu1B070Qy99H6L2i2VXSLlMJD4rSc0r y1XYR5i56LmoA4nJV3dAF4wcFzZEx/xiYgGEwMZiBUjyeEyNiGcNS03xqRXKXk+I IMbrXGim9kc4bnKdiIfErjG0YyRrKQY0CvsAN+UgNdsvczP1LRPHkNwTeFLZj2qK cvfbWaGp5h0bUbUoRwk4ReASrl9G/yQU22aDORJASY3WPI/uGFIoSf1itmoo5jIU rwOnkWl4e07y9QKtcSRnUzzclgvggpn3uK6iA9j5nviL6R8Hmcp0AKjvk9YUCjBT kj9Vm9nhbX2YZmArLYfpXzEOlGkWDlu6EqeHbmTADkcdwjbK7yIFE36o5C1cZWsk 3PFiM+VGTgwmflUhpv10b7mikvBRa+Be22/ujU3lKFqWkRx4OvkFjZgUSxIzIOQ/ 5RwS6i5LIEInuV1kgZ8i9yZ3byQG27UPXx/mvsDH8mqud7Pq7sA= =E5R0 -----END PGP SIGNATURE-----