CVE-2014-2957 fixed in 4.82.1, introduced in 4.82: used untrusted ata when parsing the From header in Experimental DMARC code and allowed macro expansion. only for mail-mta/exim[dmarc] 4.82.1 released Reproducible: Always
Thanks for the report.
Since DMARC was only introduced in 4.82, and 4.82 is not stable. If we remove the vulnerable versions we should be good: Please cleanup: 4.82 & 4.82-r1 Thank you
4.82 and 4.82-r1 removed