From $URL:

Product: Exim
Versions: 4.69 -> 4.87
Impact: Possible leak of private information to a remote attacker
Reference: https://bugs.exim.org/show_bug.cgi?id=1996 (placeholder currently)
Requester: Heiko Schlittermann <hs@schlittermann.de> (Exim Developer)
Credits: Bjoern Jacke <bjoern@j3e.de>

If several conditions are met, Exim leaks private information to a remote attacker. A patch exists and is under testing already. Backports to older versions are under development.

As soon as the tests are passed we'll send an announcement to the "Operating system distribution security contacts list" and ask for packaging fixed versions.
Upstream announced they released 4.88, but will make it public on the 25th, so no way for us to test/prepare. I hope we can bump ASAP given this inconvenient time planning.
exim-4.88 is now in the tree.
@ Arches, please test and mark stable: =mail-mta/exim-4.88
amd64 stable
There's also exim-4.87.1 which has no feature changes but only the CVE patched.
x86 stable
sparc stable
ia64 stable
ppc stable
ppc64 stable
Stable on alpha.
Stable for HPPA.
GLSA Vote: No

@ Maintainer(s): Please cleanup and drop <mail-mta/exim-4.88!
done!