Format: 1.8
Date: Thu, 04 Jun 2026 09:03:02 +0200
Source: exim4
Architecture: source
Version: 4.94.2-7+deb11u6
Distribution: bullseye-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 exim4 (4.94.2-7+deb11u6) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2026-48840
     Cherry-pick fix for EXIM-Security-2026-05-19.1 from 4.99.4.
     Security: PROXYv2 parser: reject PROXY frames whose declared
     payload length is too short for the claimed address family
     (12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21). Previously
     a frame with family=0x21 and len=0 caused 16 bytes of
     uninitialized stack to be formatted as the sender's IPv6
     address and disclosed in the SMTP greeting banner. Affects
     configurations with SUPPORT_PROXY and `hosts_proxy` set.
     Reported by Warisjeet Singh (sin99xx).
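The length check described in the changelog, as an added example in C; it is not the Exim source or the Debian patch. The names `pp2_check`, `pp2_min_len` and `pp2_demo` are hypothetical, the frames are constructed, and only the PROXY command with the TCPv4 and TCPv6 families is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PROXY v2 fixed header: 12-byte signature, ver/cmd, family, 16-bit length. */
static const uint8_t PP2_SIG[12] =
    {0x0D,0x0A,0x0D,0x0A,0x00,0x0D,0x0A,0x51,0x55,0x49,0x54,0x0A};
enum pp2_result { PP2_OK, PP2_TRUNCATED, PP2_BAD_HEADER, PP2_BAD_FAMILY, PP2_LEN_TOO_SHORT };

/* Minimum address-block size per family (values from the changelog). */
static int pp2_min_len(uint8_t fam) {
    switch (fam) {
    case 0x11: return 12;   /* TCPv4: 4+4 address bytes, 2+2 port bytes */
    case 0x21: return 36;   /* TCPv6: 16+16 address bytes, 2+2 port bytes */
    default:   return -1;   /* other families: out of scope for this sketch */
    }
}

/* Validate n received bytes. On PP2_OK the source address (4 or 16 bytes) is
   copied to src and *src_len is set; on any failure src is never written. */
enum pp2_result pp2_check(const uint8_t *buf, size_t n, uint8_t src[16], size_t *src_len) {
    if (n < 16) return PP2_TRUNCATED;
    if (memcmp(buf, PP2_SIG, 12) != 0 || buf[12] != 0x21)   /* version 2, PROXY command */
        return PP2_BAD_HEADER;
    int need = pp2_min_len(buf[13]);
    size_t declared = ((size_t)buf[14] << 8) | buf[15];     /* big-endian length field */
    if (need < 0) return PP2_BAD_FAMILY;
    if (declared < (size_t)need) return PP2_LEN_TOO_SHORT;  /* reject before reading addresses */
    if (n - 16 < declared) return PP2_TRUNCATED;            /* fewer bytes arrived than declared */
    *src_len = (buf[13] == 0x11) ? 4 : 16;
    memcpy(src, buf + 16, *src_len);
    return PP2_OK;
}

/* Build a constructed frame (payload bytes all 0xAB) and run the check on it. */
enum pp2_result pp2_demo(uint8_t fam, uint16_t declared, size_t payload) {
    uint8_t frame[16 + 64] = {0}, src[16];
    size_t src_len = 0;
    if (payload > 64) payload = 64;
    memcpy(frame, PP2_SIG, 12);
    frame[12] = 0x21; frame[13] = fam;
    frame[14] = (uint8_t)(declared >> 8); frame[15] = (uint8_t)(declared & 0xFF);
    memset(frame + 16, 0xAB, payload);
    return pp2_check(frame, 16 + payload, src, &src_len);
}

int main(void) {
    printf("TCPv6 len=0:  %d\n", pp2_demo(0x21, 0, 0));     /* frame shape from the changelog */
    printf("TCPv6 len=36: %d\n", pp2_demo(0x21, 36, 36));
    return 0;
}
```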