-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 30 May 2026 06:35:10 +0200 Source: exim4 Architecture: source Version: 4.99.3-2~bpo13+1 Distribution: trixie-backports Urgency: high Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Closes: 1137452 Changes: exim4 (4.99.3-2~bpo13+1) trixie-backports; urgency=high . * Rebuild for trixie-backports. * Security release, uploaded before sid version propagated to testing. . exim4 (4.99.3-2) unstable; urgency=high . * Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4. Security: PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family (12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21). Previously a frame with family=0x21 and len=0 caused 16 bytes of uninitialized stack to be formatted as the sender's IPv6 address and disclosed in the SMTP greeting banner. Affects configurations with SUPPORT_PROXY and `hosts_proxy` set. Reported by Warisjeet Singh (sin99xx). . exim4 (4.99.3-1) unstable; urgency=medium . * Use new upstream tarball with CVE-2026-45185 fix included, drop separate patch. * Switch b-d from default-libmysqlclient-dev to libmariadb-dev. (Closes: #1137452). Also mention MariaDB in package descriptions. Checksums-Sha1: edafe2d8d3010128c6e16a6832c7eb50317df3e9 3404 exim4_4.99.3-2~bpo13+1.dsc 5e2aa79c028dc62ce9d41c32a89020f3b80d88d5 482684 exim4_4.99.3-2~bpo13+1.debian.tar.xz Checksums-Sha256: 91937003b0b3604606f48b82d459af2c630baa4d5f62ef3087d492f120e31f60 3404 exim4_4.99.3-2~bpo13+1.dsc 4290fa01e3e5369dafebfc9028faa4c315011c78ca2b00d6b6c64581c9e6d300 482684 exim4_4.99.3-2~bpo13+1.debian.tar.xz Files: 2ab5fd454886800605a64aaa0f4cdcf7 3404 mail standard exim4_4.99.3-2~bpo13+1.dsc e71d9a999aa0e92cbf11b67958f66e01 482684 mail standard exim4_4.99.3-2~bpo13+1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmoaavEACgkQpU8BhUOC FIRjwA/+Irepwabm88UuzJx/DBV2AQ1e4VvXRirsyaiFbh7FEODTTSvkXfxxpL3f W5AeSnB079nJdEjrUNYWhhDlBTU1PeKW8Bal6wwShBbkIsyGMRNPnk95Wp4dLf2P 6bAJvIvPPy6uC1G/6K+qVQAdcCl69A9eMZIwAhIIPMEF/E2vNfqjQC9xr7ED6FO+ HVNFweOeHcREumS+Wy4/vLfvaWeHvIJIrZnD9ePIzPCSr+WS5MUkIoifaIydBX1P KlbluDdJisgLP3OtvM/yg0hww4IXAK7HGyccQFvsxuqj9fGpsWz6yKWxaXCQYYod 7E4zDQZ3vVJ7anUlLnsUizJclYkzBX5cEmwRo7Gh01wBHIINAVPvy0Bq4wAwzJsV mq19iX0/OzqFzkXKDuRXG28TOyjcNfijDim7iIt1UH2tPPvsvm9M+wpNscyTZ0/R lhBZgNS7b9mjRmBjvs74iDiStztejM9dB49RmiezhrSoYHrq8XmteYpv2D8ak9mh X95IMrPYVD5NPB+FstBCr53b/2/mg9v3NHpjCRw6imaZiR2daE7HuPoGX2EDFwuD bhs4V+XvPAzw6NJwnHek+xweAP1MDG+IYc+SLY5zssNXfic6OpEBb5AYNuykh/ej 2F5ihIcaAZeFKERxEY1r6ukymqPGcJ6Z+iQuQNYka1rS7Z1ul44= =b5wl -----END PGP SIGNATURE-----
