Changelog
exim4 (4.96-15+deb12u3) bookworm; urgency=medium
* Multiple bugfixes from upstream GIT master:
+ 75_74-Cancel-early-pipe-on-an-observed-advertising-change.patch
+ 75_76-Expansions-disallow-UTF-16-surrogates-from-utf8clean.patch
(Upstream bug 2998)
+ 75_77-GnuTLS-fix-crash-with-tls_dhparam-none.patch
+ 75_79-Fix-recipients-expansion-when-used-within-run.-.-Bug.patch
(Upstream bug 3013)
+ 75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch: Fix on-demand
TLS cert expiry date. Closes: #1043233
(Upstream bug 3014)
+ 75_83-Re-fix-live-variable-value-free.-The-inital-fix-resu.patch
+ 76-10-Fix-tr.-and-empty-strings.-Bug-3023.patch ((Upstream bug 3023)
+ 76-12-DNS-more-hardening-against-crafted-responses.patch
+ 76-14-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch Fix
regression in dnsdb in CVE-2023-42119 fix. (Upstream bug 3054)
* tests/basic: Add isolation-container restriction (needs a running
exim daemon).
* Add ${run } expansion test to tests/basic.
* Update code to 4.96.2, fixing issues with the proxy protocol
(CVE-2023-42117) and the `dnsdb` lookup subsystem (CVE-2023-42119). It
also includes additional hardening for spf lookups, however CVE-2023-42118
was diagnosed as a vulnerability in the libspf2 library and needs to be
addressed there. Closes: #1053310
-- Andreas Metzler <email address hidden> Wed, 18 Nov 2023 11:07:57 +0100