-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 18 Nov 2023 11:07:57 +0100 Source: exim4 Architecture: source Version: 4.96-15+deb12u3 Distribution: bookworm Urgency: medium Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Closes: 1043233 1053310 Changes: exim4 (4.96-15+deb12u3) bookworm; urgency=medium . * Multiple bugfixes from upstream GIT master: + 75_74-Cancel-early-pipe-on-an-observed-advertising-change.patch + 75_76-Expansions-disallow-UTF-16-surrogates-from-utf8clean.patch (Upstream bug 2998) + 75_77-GnuTLS-fix-crash-with-tls_dhparam-none.patch + 75_79-Fix-recipients-expansion-when-used-within-run.-.-Bug.patch (Upstream bug 3013) + 75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch: Fix on-demand TLS cert expiry date. Closes: #1043233 (Upstream bug 3014) + 75_83-Re-fix-live-variable-value-free.-The-inital-fix-resu.patch + 76-10-Fix-tr.-and-empty-strings.-Bug-3023.patch ((Upstream bug 3023) + 76-12-DNS-more-hardening-against-crafted-responses.patch + 76-14-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch Fix regression in dnsdb in CVE-2023-42119 fix. (Upstream bug 3054) * tests/basic: Add isolation-container restriction (needs a running exim daemon). * Add ${run } expansion test to tests/basic. * Update code to 4.96.2, fixing issues with the proxy protocol (CVE-2023-42117) and the `dnsdb` lookup subsystem (CVE-2023-42119). It also includes additional hardening for spf lookups, however CVE-2023-42118 was diagnosed as a vulnerability in the libspf2 library and needs to be addressed there. Closes: #1053310 Checksums-Sha1: c4722b686b96b895692a5109dfe3dcd4e1369ca4 2923 exim4_4.96-15+deb12u3.dsc c7e3725a4404d90894dc99a33d53b9c293d3ff54 504024 exim4_4.96-15+deb12u3.debian.tar.xz Checksums-Sha256: 0da9eaee8acd75eb4eaf5577b3e84bd5cc7a6294cb83587f0880c89691790306 2923 exim4_4.96-15+deb12u3.dsc a8f7a4d81c826b37305f4afb7d271c7bc152dd1e93cb3211ab779f1e3948f6ae 504024 exim4_4.96-15+deb12u3.debian.tar.xz Files: 20d9c1c596af9964a53c47ea3a015d3d 2923 mail standard exim4_4.96-15+deb12u3.dsc cd75904806abbe66032b45c63204f9e1 504024 mail standard exim4_4.96-15+deb12u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmVZ4x0ACgkQpU8BhUOC FITXBw//aSMq9kgiX3WrsK38H47wP0AV4Mh0BM1NB3ptlnKRo9xFaqVsoh3ag6zh YLbuuef1LKHPv/ZXRT7ut5ZRAMAo/cAfZjqIl9a/8KYStqgRWtNqfQn02uYVYEUm Cdtry+xo9zfYQ1q93srkGiFmN803mNhbXTtvW25CKM65SnS7TQR36aUXDVPX3mmZ zcoLROmpfHDeqZqwlJO8m6XYq0gXQEvMT4+9qHEJalsw4puQ2QRTFRaHeHJM62Yv f4GxjJbmlAafDREw6swZkRAskFKHzIDO1by5YtC5GMf0QIPZWjSOjAdfK0hm56Ef 1zg4nmcOt94WS9I91ibAVWxbSdUVigmvBOGjZx5KbFfbU9mhdnnPXUVX3CJZCrMI Nm/XMCt2cNEJ/M6QkFIC2AkMwbpGMxkuTrAd9FITW/PBr9EIa8uaizDLUxxqu5G9 P+qWIGRJLvqoKWvN4K7rGfnYw1YduAbVKZULV5mQ1DbMc/digI+99W7l2aVhKnhY 0zu+x75dRZc9Az3mPwxczkqS0XCtFZXhPfcaS1fZ3kuZmh/Bl0t9dhO20mQYs4eI u7n/ARpmEJqCMb21a/fNCkvwepQBiQnJlIzfblA6+Qrl52CAZvHpwn4K8O+t+ULQ 0B+3rcYOg6s2wq0phH5r44LpMvmzd516Y4a/o1Pn9F5kGcGWEHk= =6nFZ -----END PGP SIGNATURE-----
