-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 18 Mar 2021 09:10:15 +0100 Source: exim4 Architecture: source Version: 4.92-8+deb10u5 Distribution: buster Urgency: medium Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Closes: 985243 985244 985344 Changes: exim4 (4.92-8+deb10u5) buster; urgency=medium . * Fix use of concurrent TLS connections under GnuTLS: 80_01-GnuTLS-fix-hanging-callout-connections.patch 80_02-GnuTLS-tls_write-wait-after-uncorking-the-session.patch 80_03-GnuTLS-Do-not-care-about-corked-data-when-uncorking.patch (Thanks, Heiko Schlittermann for the backport) * Pull 82_TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch from upstream git (already included in 4.94), on TLS connections to a CNAME verify the certificate against the original CNAME instead of against the A record. Closes: #985243 * In README.Debian explicitly document the limitation/extent of server certificate checking (authenticity not enforced) in the default configuration (Thanks, Jö Fahlke). This Closes: #985244 (improved documentation and Closes: #985344 (Yes, without required cert checking MitM attacks are possible, but for a stable update documenting this is the best compromise.) Checksums-Sha1: 3b0bc153ca931581651a9392c0d401d9a18228f7 2855 exim4_4.92-8+deb10u5.dsc 84b419e8a237dea9225203a50dc1707439442060 478264 exim4_4.92-8+deb10u5.debian.tar.xz Checksums-Sha256: d57de47e2c87798f95b1bde4b38c5ab2279bcccce6b9da778b1ae5392a41d6fd 2855 exim4_4.92-8+deb10u5.dsc ee57e28b6321b3a0ffff205654ed54391a58811725e662cb1ab3e0f505cec225 478264 exim4_4.92-8+deb10u5.debian.tar.xz Files: 0a61313356aa055cd3e4258b2aad60ce 2855 mail standard exim4_4.92-8+deb10u5.dsc 488cbffc8ca214135e367bdbee8e9296 478264 mail standard exim4_4.92-8+deb10u5.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmBTRwIACgkQpU8BhUOC FIS6OQ//XSrhgVgpWFjK4GHnf9O/B81kA+oa6u1vm8Rg01VmsWkBC1d028UjAN6l oigslMGc/YZ604wAkx+keWbho77G1ugFAmzCKH7Tu880Z4OrC+nspH3KQVKI9LFf fzINvG47TgM6SaijyOBFlMTm2mJLV+3m5A8bLJYPrG1RU3JKyM8LXgzZwcR7f3IJ I/8NLbng373inttXddD+YNSroAwPTE0TNyZY6CrVqGNCZgdc0Li4nsesj6DLWf9S ZmuonejJIPBtrsJUMEVfr2srrGqTONCMgR10/k+E3D4FyKREC8BnKQs5ndute8ZB iv+j4BgxAhxetMtaepViNeC2ee4o/4cNSd2rs3y8WurgFFsVvvoGxgh+EamSuYAQ BzLj4mLQELoMZ4AsR5Vx8PCG4a2wo21O8Fky8YVlbsULN8tw3JJwwN5OtZjMxHSm i5lP6KLzuWK6YuAlNkJ77EKLCAqL3/0pZw9J4b5X0rn1+jeX74+KPx4Nu2OyKoDH mj1dlkOvs1rbAN9bMjFh1ipZvD1EyPKQa+AxDwi0wU8fBc8+DXfmixG1QquE8sgO /wMTEwRIzmG50PC6qFDeAWHNw8QsTNOeliEZeqtuQmCWOW9/HXe5DrD9EuPsqko6 kEALDn7uqmilVBjlGcX1fwDSqngKUXRgYXxzI0nnpa5xK15Ekik= =WRAi -----END PGP SIGNATURE-----