-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 29 Sep 2023 23:23:04 +0200 Source: exim4 Architecture: source Version: 4.94.2-7+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Changes: exim4 (4.94.2-7+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Address external and SPA authenticator vulnerabilities (CVE-2023-42114, CVE-2023-42115, CVE-2023-42116) - Auths: fix possible OOB write in external authenticator (CVE-2023-42115) - Auths: use uschar more in spa authenticator - Auths: fix possible OOB write in SPA authenticator (CVE-2023-42116) - Auths: fix possible OOB read in SPA authenticator (CVE-2023-42114) Checksums-Sha1: 9a2630371a3ccce2090b9f1f364d45f666fc7a49 3082 exim4_4.94.2-7+deb11u1.dsc 4854541833583d82c6e667d3dde566d41162eec3 1838076 exim4_4.94.2.orig.tar.xz a042b2dcaee770d7a5c54c8434b27cf10a902aa3 488 exim4_4.94.2.orig.tar.xz.asc bd867fcbb1e185a2871d7be6c4200db6a8f67d98 485668 exim4_4.94.2-7+deb11u1.debian.tar.xz Checksums-Sha256: 22aeb5aafaad44b4c7d3027b4a09a0b3a1521c5a5ae9214c653bdae5e43a2308 3082 exim4_4.94.2-7+deb11u1.dsc 051861fc89f06205162f12129fb7ebfe473383bb6194bf8642952bfd50329274 1838076 exim4_4.94.2.orig.tar.xz 5546fb401d778bc8c8df35d9584612d10a4a896cde5f130c119f98297a18df73 488 exim4_4.94.2.orig.tar.xz.asc 76d391806924abaf1e8c046dea35b1c0485a5ecbfff843dd544e1a34d175ec6a 485668 exim4_4.94.2-7+deb11u1.debian.tar.xz Files: 8db04c3c49b57f8f4d2d107969ed6435 3082 mail standard exim4_4.94.2-7+deb11u1.dsc 4fbf1ebb36f0f43bb94ed0848eb13256 1838076 mail standard exim4_4.94.2.orig.tar.xz ceddf936e03226c4364c4c59e7461788 488 mail standard exim4_4.94.2.orig.tar.xz.asc 78ee1429c8182f6be9ddc53fe3770ae2 485668 mail standard exim4_4.94.2-7+deb11u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUYIKZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EM9IP/2bgxKWIH5nHt6RpcWUi79Jjo7K4tS38 dORML3chdX5W8qiOUPyt3whGM1jVemq/vfTm8/J2ap4s0m9KWBm8jkzgQvqV3wWu xZYqI0VC6cRxAL6gKEeDiXdVWnBFc0o1kPOybLpB9E1+5MUoBis7iJSCOnMMUj0n fuD4GMiX/gxvsXG2HkPB5Dyafat1mfJl41D/+rGE5x2A7G7Ah6hYIhBf8jT0sM31 lH6SeH2Jibuzkr1xFJL+VmRUzTdCU26pULsQXMZXSW52wbqnKVtL+Xf/PE4KJikW uc6LgG5VHVpk0WI4wEcxSbrAEVYma20A6oLmdhSlamVKd6YzcFRPUlLK4KxBGY9C /uwJ+v0L+277j1GjCVvbfQ8E2+Ciiu8bzgIDdioqurSgrdiidKlUVn46rAQ/wjMq SBU5N99X3rq+TMIIX+W+qjj7AybM+gLmklc787mN1pKO8bWG60cHO+hp/EuepvUa HAWgzWOf96FTBaaR62HzkaNZ/UrXQHMwBDykaXM9d5RaNX+p9hWRiY7O9wX+3RJj yGLBz6pfpAyizIi7UHrc/xXk8qxCTwtXoD2tLquyMt4cWYdTYdzTVNodxnEgMpTA AbiNuAgBEoFu/i6HJVnxpWEJ7VqEFfCgSFXuWNpnCwa8uZ+KeTwc4/rJ9cTS8n8q yAfEVoBGfrUv =yXBA -----END PGP SIGNATURE-----