Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted exim4 4.99.3-2 (source) into unstable
Date: Fri, 29 May 2026 17:36:51 +0000
Signed by: Andreas Metzler <ametzler@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 May 2026 18:46:28 +0200
Source: exim4
Architecture: source
Version: 4.99.3-2
Distribution: unstable
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Changes:
 exim4 (4.99.3-2) unstable; urgency=high
 .
   * Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4.
     Security: PROXYv2 parser: reject PROXY frames whose declared payload
     length is too short for the claimed address family (12 bytes for
     TCPv4/0x11, 36 bytes for TCPv6/0x21).  Previously a frame with
     family=0x21 and len=0 caused 16 bytes of uninitialized stack to be
     formatted as the sender's IPv6 address and disclosed in the SMTP
     greeting banner.  Affects configurations with SUPPORT_PROXY and
     `hosts_proxy` set.  Reported by Warisjeet Singh (sin99xx).
Checksums-Sha1: 
 388ae896cc25bb569d1722ad54f5885f892f8139 3370 exim4_4.99.3-2.dsc
 eb0c85d0921431222c408cdf4aaec15f2574c8d6 482736 exim4_4.99.3-2.debian.tar.xz
Checksums-Sha256: 
 a81b74beb4af7ed013d537efb60fff283173eaf062eb89fb91171968c4b7b28c 3370 exim4_4.99.3-2.dsc
 6473772e626a4b5566fa31a1c1c9a69f620a9e0df8fb9bb04c8830797742fc61 482736 exim4_4.99.3-2.debian.tar.xz
Files: 
 db1d6b60c14165ae9c965090d7cefc57 3370 mail standard exim4_4.99.3-2.dsc
 8381675514f6f54d19fcf2300408516c 482736 mail standard exim4_4.99.3-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmoZyTcACgkQpU8BhUOC
FISTLg//bp8nuHoOm3dIgYd5XEXW7LTq3pTkss9JfS2tPXfAZdzhzi18p8hhtM9S
8JDHL8488BWTerRbXoHCuqJ0eauwCWbT1m296k4WEQKSAlSWnYs9DNhwJ4xitOjo
8s1ypwZ6AqsN8t48LXJhBlWumA7/PfcYcwrd8GUCnCa7QieSEZ31phrPOMO51hlO
Y8xCYoHLVIGWhfusalUoR53a8cn02pUMeQZFB4MHio50xyyijscySEhwjZ9hE1oq
wainpKXsm67DxovXJTPv5u4pKFlS+rvU/0hONltyA41ZZyw5BPjGLsgR3A8FWTEN
MQS6xSpvQUcZC/vxM36GJfYgxlPPknAwYm/ezhAhRJ6ff9nHfA6OpAROvp0r2hIT
TrXL+Vvpmgjx310uu7t7FtRDO8T1mXW/l72YCd6oyokMZlxFhsCCfolwwDLHN+gV
9OY44R7SINIMEhmy8UQ3MwGcQSqllJV467Vwg9PJRIBY5TZQwwAruoPmoB7vsYcQ
Hdy5SSqIAeff/z4RPX8kd2J5cwDNVAPsNXsnt6q1YzRTT0LxRc8n/oUi1NmdDQMP
XcMV0vPLPfyZ/ivWG7g8Uuuo4gqQcEm76N+L5MQVhgZ29L2Qwf8jB+zTyGKDfKx0
Kv2KsgDnjQ2dUy5mDuqGVBSMsUXPU0zAC0Qn2SXIgOKJOsIWMxw=
=OD+G
-----END PGP SIGNATURE-----

News for package exim4