-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 May 2026 18:52:26 +0200 Source: exim4 Binary: exim4-base exim4-base-dbgsym exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: armel Version: 4.96-15+deb12u10 Distribution: bookworm-security Urgency: high Maintainer: armel Build Daemon (arm-conova-02) Changed-By: Andreas Metzler Description: exim4-base - support files for all Exim MTA (v4) packages exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Changes: exim4 (4.96-15+deb12u10) bookworm-security; urgency=high . * Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4. Security: PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family (12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21). Previously a frame with family=0x21 and len=0 caused 16 bytes of uninitialized stack to be formatted as the sender's IPv6 address and disclosed in the SMTP greeting banner. Affects configurations with SUPPORT_PROXY and `hosts_proxy` set. Reported by Warisjeet Singh (sin99xx). Checksums-Sha1: 3cf93d347a738d23dc2e8c9da5805343c099410d 127332 exim4-base-dbgsym_4.96-15+deb12u10_armel.deb 9b4e8b4224aded2fe49b603100b1a77474974ef0 1114624 exim4-base_4.96-15+deb12u10_armel.deb 590685a04f99fce70869adadce407c21b5269aa9 1567336 exim4-daemon-heavy-dbgsym_4.96-15+deb12u10_armel.deb 2a9343f5d6ebb5ac96644e0669d21196fd634e2a 600836 exim4-daemon-heavy_4.96-15+deb12u10_armel.deb 6ce53cda42d4ea106f645c558af83b90e303b07d 1374128 exim4-daemon-light-dbgsym_4.96-15+deb12u10_armel.deb a7277e58eb892dfc1119ad7b374fa3396d331780 545288 exim4-daemon-light_4.96-15+deb12u10_armel.deb 40ceef72689abefd0b2a96d7ddf5178c7bcfdb1f 39468 exim4-dev_4.96-15+deb12u10_armel.deb b4505f2d24bba0b934b91bb5654c50a921535535 11202 exim4_4.96-15+deb12u10_armel-buildd.buildinfo 843d3a7406d2f1ceb890e16d2546988a7da19698 134700 eximon4-dbgsym_4.96-15+deb12u10_armel.deb 1ac25ca1d1873a63daed1b8f5e9325854cab9dd8 71536 eximon4_4.96-15+deb12u10_armel.deb Checksums-Sha256: 8ac89d59ad09af15dbb45250d5f4068d3cf00c0e0685e3438c0f69dd707fb562 127332 exim4-base-dbgsym_4.96-15+deb12u10_armel.deb 7c5b62ff7a565431c66589ff34193d863240ec459c3217b24bfec1bb3ab681c3 1114624 exim4-base_4.96-15+deb12u10_armel.deb 7436356c77204ab47f6d2be6de71a0f816844c6e0d6f7b7ee09d00b231c5fbf5 1567336 exim4-daemon-heavy-dbgsym_4.96-15+deb12u10_armel.deb 002aa0d692e8beb332523f6d04a31266ab6282e17b6a4dee1330082dca7f7cbf 600836 exim4-daemon-heavy_4.96-15+deb12u10_armel.deb 2df1abe79f5f6b06f3a3e41eca48d8c83a91d1b4d14c1656d102655d29422046 1374128 exim4-daemon-light-dbgsym_4.96-15+deb12u10_armel.deb ce6f16f574b8346a203a52c3c8272875730a57ee4f9aab7686e6a2dc70502b4d 545288 exim4-daemon-light_4.96-15+deb12u10_armel.deb 469e7d2351d6956c5a1a28f61b12215fd2cab482600d0a14c8627bdaa8b58f9f 39468 exim4-dev_4.96-15+deb12u10_armel.deb 2d14d140938161496359f7c2fa91f0323d53898ed0f8e14754808dcd5da1d769 11202 exim4_4.96-15+deb12u10_armel-buildd.buildinfo 420b334aaeca57e2e03fc5a97fbcbcdd80703bfdab91030a62d390effde8abab 134700 eximon4-dbgsym_4.96-15+deb12u10_armel.deb 6b8fec87d6913bb8f4e58f45316db09178c579bddcba66ecffd845ecb4f037fa 71536 eximon4_4.96-15+deb12u10_armel.deb Files: 4fe957ea5a832012f4eeb04c026aa236 127332 debug optional exim4-base-dbgsym_4.96-15+deb12u10_armel.deb 636c9b3551fa98e999a4069beaa059fe 1114624 mail optional exim4-base_4.96-15+deb12u10_armel.deb f418b7c5c9ae7ca634cbd131443059df 1567336 debug optional exim4-daemon-heavy-dbgsym_4.96-15+deb12u10_armel.deb 48a31980fc2dedba40a59fdfdf6b3e68 600836 mail optional exim4-daemon-heavy_4.96-15+deb12u10_armel.deb 1c8c3254607330d133e6291f55577188 1374128 debug optional exim4-daemon-light-dbgsym_4.96-15+deb12u10_armel.deb 8554c02d5a032fb0ad2d50d12abc4036 545288 mail optional exim4-daemon-light_4.96-15+deb12u10_armel.deb 024fea0caa3214d54546984864e36529 39468 mail optional exim4-dev_4.96-15+deb12u10_armel.deb 42a76b616fbe13b9de27b1661305ec9b 11202 mail standard exim4_4.96-15+deb12u10_armel-buildd.buildinfo 02f4ebf046ed201894fc61b0677d29ef 134700 debug optional eximon4-dbgsym_4.96-15+deb12u10_armel.deb 4a3c1fd498114d2f664985ac9a9dcf53 71536 mail optional eximon4_4.96-15+deb12u10_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWHj9K9pO9l4btbD1OQKMdMnEH5MFAmoYd+QACgkQOQKMdMnE H5O51g/+O95qLn9OhdUf6tryXsPvAlddo5u08am+QJjRU7MyvvEMnEdGPMvIJdya 4aqnwyH6LOHeGgTNwEIRL+IRs6E3JG+tdz6xgLYs0FymNQ3Vnn/Tgjj9lVHWZp4z M+rAV+EppOFYsH0LOxjKy9qyyPLTVsHRcEXkoMD+DsF7/PV/KsNaE9XyrtF7ub0s fB5yf0ag8TJjAzl2vvIyGzkfh2k6KFPwvXl0iHuzBGasFaSs1Vb/4qqllZw0+M0R 9RIynlBnN3mKuK6dRJz5kWaYEr+9OjbOTrZpeKNeBQ509VNB2dxdwRuw9cSzSBe3 ZMxcZE36Oy7IJy4I2H7ZMPp1LRn4ByE87B76+RjzYBCPPh8XRrfxYsB8UnoSpcj3 bp/sjp9kVjn++3hWMFFR9wr7z1pvF58G26kLCfSW4MKCQV6coFhY1wJGT6P9NJSG NFIIe2oe+5RAV3HJoEbGdB1N/rtJ7ogtCv4a/wONW5c/iQKlTNvSg0llmGhVYuYU YC+gwBeG0klsHj2X96wzNk4HOCzIIPdEyOtRgF7Qu9/oMxgawqMbe30dE+KMUx/R 3jpFjTIGBrbK3FPLBo2WNRzqkHsnxrhCcK4/xjQ6qSLCoOKo40Hm9gxG+9DkcSpW kklsgxZ1LYK5/ngcQAGfxrxm/+ny1/dc0zCj2sEbKzpO3HTBysk= =bBuq -----END PGP SIGNATURE-----