|
|
|
|
|
|
by fweimer
37 days ago
|
|
|
That mentions 4.98.2-1+deb13u2, and its changelog has: exim4 (4.98.2-1+deb13u2) trixie-security; urgency=high
* Backport fix for Use-After-Free in GnuTLS BDAT/CHUNKING code path.
This is Exim-Security-2026-05-01.1, fixed upstream in 4.99.3.
-- Andreas Metzler <ametzler@debian.org> Mon, 11 May 2026 19:14:46 +0200
The ID is now in the CVE database, but it was missing from the upstream advisory, too: https://exim.org/static/doc/security/EXIM-Security-2026-05-0...Not ideal, but at least we got the fix. |
|
|