-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 15 Feb 2025 14:02:27 +0100 Source: exim4 Architecture: source Version: 4.98-4 Distribution: unstable Urgency: high Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Closes: 1092910 Changes: exim4 (4.98-4) unstable; urgency=high . * Cherry-pick patches from upstream git master: + 79_Dovecot-fix-protocol-sequence-for-version-2.4.0.patch (Compliance with upcoming dovecot v1.3 auth protocol) * Use default 550 message in lowuid_aliases router ("Unrouteable address" instead of "no mail to system accounts") to avoid disclosing information on installed packages. Closes: #1092910 * 81_Squashed-from-fix-cve-2025-26794-fixes-CVE-26794.patch: Upgrade to 4.98.1, fixing CVE-2025-26794. This is a SQL injection for the (Sqlite-)hints database with ETRN. Debian binaries do not yet use sqlite for the hints DB so this just only affects users building their own binaries from sources and switching to sqlite-hints-DB. Checksums-Sha1: a994e49432c82f22c38bb91326c5709542c0a67a 2877 exim4_4.98-4.dsc f89232f4959dd9f3389813c78f0c6e34ddaece79 484720 exim4_4.98-4.debian.tar.xz Checksums-Sha256: d6229b6a07f561566b58ec575674dbff9195303752d79cf2a7bb07a441a9a268 2877 exim4_4.98-4.dsc 3170a800988829d953408c0525c3054b3a88445cea22ad9e72729b43971b38c1 484720 exim4_4.98-4.debian.tar.xz Files: 28be865da245ee1096de31cb02af8dff 2877 mail standard exim4_4.98-4.dsc 58fcc59d7bac6ddfbc923b3b1b9035ce 484720 mail standard exim4_4.98-4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAme2EqsACgkQpU8BhUOC FIQ8dQ//V4w5JRwF5g6B58mci0bjfJ9uTM/AHvZ31ibnA3Vv53APiSbEGiUVnMHE TzDe+3MkNHdFR77Fg+RO4VwzNJMADj+jECJ0R4x7s/AUK+uSDM8BVGdUqguDKPwj LaIyoxR3stPF9BGkOKlPqwKr0a0cHkWCBqovd+pCuErtAFyX4ZBghEUiTGn+ulhZ 5cX7p8GfAX2ZF1RKb+zGzNu+XoHUn62yarYdm9Y3vLXItJhDCSoeR2fp8Ttkfppn QDZ9yFbQuqgJzSZTgrxjerSQGST+Q4qCdZqhUCHnes8ljQtRtDIUN+17aKVF1lKq ElQe1Hk/eOMETnQ9JjUZl+zfb5T4vziunq8JVWyHrqxZXe9hT2LaXYeI0ef3TpWA +ddH0m5NxvCemTqd3uaGY2VFUhj+/zwENJe98PBFPhSwyiedbcX1a9F7oE7o8rLU KYMa/rgTDh13uG/o69kfJ6ivpAwYyoFvv/9kxs7go7Oh0nlob/4Bk94XTEORG1QD 9alpj035seszzrXErD2vfX6TyezrVMtadbvR4ktwNcK1lN3ZZg7kqIGIUOE+yu7C ftvKNDlJZ1zyxoBx+bLtxW1I3HlSjczNdVP9G9V4Btl03b0uBVQUg/m39T+FTxtB kf3Fyx72dbZCzk207fsq3mo4feXk+ukvW1h8tlySWzAkRqC+oFk= =3H/O -----END PGP SIGNATURE-----
