-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 May 2026 18:58:40 +0200
Source: exim4
Architecture: source
Version: 4.98.2-1+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Changes:
 exim4 (4.98.2-1+deb13u3) trixie-security; urgency=high
 .
   * Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4.
     Security: PROXYv2 parser: reject PROXY frames whose declared payload
     length is too short for the claimed address family (12 bytes for
     TCPv4/0x11, 36 bytes for TCPv6/0x21). Previously a frame with
     family=0x21 and len=0 caused 16 bytes of uninitialized stack to be
     formatted as the sender's IPv6 address and disclosed in the SMTP
     greeting banner. Affects configurations with SUPPORT_PROXY and
     `hosts_proxy` set. Reported by Warisjeet Singh (sin99xx).
Checksums-Sha1:
871ffc96a4ff75094dddc17745c433b65a6b2314 2929 exim4_4.98.2-1+deb13u3.dsc
ba6e22772ef78bd0aa77c69b5aa678be936c83eb 491828 exim4_4.98.2-1+deb13u3.debian.tar.xz
Checksums-Sha256:
d38e7b854eed3525be31f22a946e7250e7d8aae989a1999f6b538a387ca14a4e 2929 exim4_4.98.2-1+deb13u3.dsc
c590fb33e51a330b546037507208b85b0039a0e188d521587b4af03297da46d1 491828 exim4_4.98.2-1+deb13u3.debian.tar.xz
Files:
52343a10fecc77ad3a7c3c64e30d2e10 2929 mail standard exim4_4.98.2-1+deb13u3.dsc
b48247e2ff81d8bcdedc673c1249256f 491828 mail standard exim4_4.98.2-1+deb13u3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
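
The length-versus-family check described in the changelog above, as an added example that is not Exim's code or part of the upload. The names `pp2_parse_src`, `FRAME_V6_LEN0`, `FRAME_V4_OK` and `demo_src` are hypothetical, both frames are constructed, and the 16-byte header layout (12-byte signature, version/command, family, big-endian length) is assumed from the PROXY protocol v2 specification.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define PP2_SIG '\r','\n','\r','\n',0,'\r','\n','Q','U','I','T','\n'
enum { PP2_HDR = 16, PP2_TCP4 = 0x11, PP2_TCP6 = 0x21 };

/* Constructed sample frames; ver_cmd 0x21 = version 2, PROXY command. */
static const uint8_t FRAME_V6_LEN0[] = { PP2_SIG, 0x21, PP2_TCP6, 0, 0 };
static const uint8_t FRAME_V4_OK[] = { PP2_SIG, 0x21, PP2_TCP4, 0, 12,
    192, 0, 2, 1,  192, 0, 2, 2,  0x30, 0x39,  0, 25 };
char demo_src[INET6_ADDRSTRLEN];   /* output buffer for the demo (hypothetical) */

/* Writes the textual source address to src; returns 0, or -1 to reject. */
int pp2_parse_src(const uint8_t *buf, size_t n, char *src, size_t srclen)
{
    static const uint8_t sig[12] = { PP2_SIG };
    int af;
    size_t need, declared;

    if (n < (size_t)PP2_HDR || memcmp(buf, sig, sizeof sig) != 0)
        return -1;
    if (buf[12] != 0x21)            /* this sketch handles v2 + PROXY only */
        return -1;
    switch (buf[13]) {
    case PP2_TCP4: af = AF_INET;  need = 12; break;   /* 4+4+2+2 bytes */
    case PP2_TCP6: af = AF_INET6; need = 36; break;   /* 16+16+2+2 bytes */
    default: return -1;
    }
    declared = ((size_t)buf[14] << 8) | buf[15];
    if (declared < need)            /* too short for the claimed family */
        return -1;
    if (declared > n - PP2_HDR)     /* payload not fully present in buf */
        return -1;
    /* Only now is it safe to format address bytes that were really received. */
    return inet_ntop(af, buf + PP2_HDR, src, (socklen_t)srclen) ? 0 : -1;
}

int main(void)
{
    printf("TCPv6 len=0: %d\n", pp2_parse_src(FRAME_V6_LEN0,
           sizeof FRAME_V6_LEN0, demo_src, sizeof demo_src));
    if (pp2_parse_src(FRAME_V4_OK, sizeof FRAME_V4_OK, demo_src, sizeof demo_src) == 0)
        printf("TCPv4 source: %s\n", demo_src);
    return 0;
}
```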