-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 29 Sep 2023 22:38:02 +0200 Source: exim4 Architecture: source Version: 4.96-15+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Changes: exim4 (4.96-15+deb12u2) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Address external and SPA authenticator vulnerabilities (CVE-2023-42114, CVE-2023-42115, CVE-2023-42116) - Auths: fix possible OOB write in external authenticator (CVE-2023-42115) - Auths: use uschar more in spa authenticator - Auths: fix possible OOB write in SPA authenticator (CVE-2023-42116) - Auths: fix possible OOB read in SPA authenticator (CVE-2023-42114) Checksums-Sha1: a63ec9187d051c39c138353db3b5b74aa1030a92 3078 exim4_4.96-15+deb12u2.dsc 81de6882bb8611d537b5286d8a48ad31f8787609 1879152 exim4_4.96.orig.tar.xz 26d2e687451ebbf4523d5caaa8e25e306a481f77 508 exim4_4.96.orig.tar.xz.asc bfd578c75f3005a85894d291178d7b840c0a48b7 490164 exim4_4.96-15+deb12u2.debian.tar.xz Checksums-Sha256: 26cc758849ed0dabb0174ef4ee62e9510302792abafb9888a9c5d5e600de04e0 3078 exim4_4.96-15+deb12u2.dsc 299a56927b2eb3477daafd3c5bda02bc67e5c4e5898a7aeaf2740875278cf1a3 1879152 exim4_4.96.orig.tar.xz 9d868dbe6ef823dd563371dc0aadbe58475cd6e42ac8998bfb2b922db3f0fdd0 508 exim4_4.96.orig.tar.xz.asc 47176e200caa2831c17d84159436e950b25a8647b1c7b9b41705959c9b1f68cd 490164 exim4_4.96-15+deb12u2.debian.tar.xz Files: ac4ed239b2cd9a0c7a5725a9a073a331 3078 mail standard exim4_4.96-15+deb12u2.dsc 0d10d5b10f2af77ec8c2c2fe5be6c1ad 1879152 mail standard exim4_4.96.orig.tar.xz 42256a69a100da4990152c9ff695d95e 508 mail standard exim4_4.96.orig.tar.xz.asc 0bebf31581b4db34a328112c4ebedefe 490164 mail standard exim4_4.96-15+deb12u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUYIAtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EUNQQAJQOx3UjwU9ZDxxKwPIVbkYZC/8m65lh fitN4h8zT0kluZyfSBZxSXTPFDGZ9pPAhKjvJauLcBA4As7bm/p+9fZ++aXIYRWb dJR1iNvRg6XUHgDvi1XLw1tp3RI6hTPiXKOdReoWH+Nga5TySmkQNRhxqoLgaK6w 3gYcJ1JcNU8TIk05/Wc7okWqfX8wSTgYrAfMwakRmqvphPamcgxkku6Bi+12AEtD l8R/zDMh2WGJwCLfintDCmYamOSV57vvNgsTxTo2WfYOgVGAwEQPK92uGs5S+JlU spzESda3e0QHmuXg9py3yccKer2y17cONyTjxV3hQ8bbvywHhuTFPbbQKW6gTHU0 CuTYAGh9IrubBGMOZl72p3fZaoz4Ch7QFv5PjlFVqzPDfdaO5Qu7nzDJkruIR7Ku 0Xu7WBZzbeugJVxAIsI08K8fPZ0CaRrpHWhH/o3BxG4YHNgsjDboL+wWpmlNFiRL R+wu3abzvhdSK3LjmlBbEfjuNhAIOaidgENbleEq1YlUqRMsYuiuK2vmxZMkMedz ngQyBqa7frx+shTKfDcIt5gTuqmqjXRFTv1nVo0hyOqXfhuVk+Cvxi++oFZaXIz4 oC0qxVkMximsU+ZHEn/5/PUNCWf9z9eodS+i3Dp5sTR5iUtVOjZAdp8+5tGRXkqA aBDiRwspqMpV =YErm -----END PGP SIGNATURE-----