Information on source package exim4

Available versions

ReleaseVersion
stretch4.89-2+deb9u7
stretch (security)4.89-2+deb9u8
buster4.92-8+deb10u6
bullseye4.94.2-7
bookworm4.95-2
sid4.95-2

Open issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2021-38371vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe STARTTLS feature in Exim through 4.94.2 allows response injection ...

Resolved issues

BugDescription
CVE-2021-27216Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By lev ...
CVE-2020-28026Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, r ...
CVE-2020-28025Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bo ...
CVE-2020-28024Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unaut ...
CVE-2020-28023Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may dis ...
CVE-2020-28022Exim 4 before 4.94.2 has Improper Restriction of Write Operations with ...
CVE-2020-28021Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. A ...
CVE-2020-28020Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in whic ...
CVE-2020-28019Exim 4 before 4.94.2 has Improper Initialization that can lead to recu ...
CVE-2020-28018Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain si ...
CVE-2020-28017Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in rec ...
CVE-2020-28016Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because ...
CVE-2020-28015Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. L ...
CVE-2020-28014Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The ...
CVE-2020-28013Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mish ...
CVE-2020-28012Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended ...
CVE-2020-28011Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run vi ...
CVE-2020-28010Exim 4 before 4.94.2 allows Out-of-bounds Write because the main funct ...
CVE-2020-28009Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow becaus ...
CVE-2020-28008Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...
CVE-2020-28007Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...
CVE-2020-12783Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...
CVE-2019-16928Exim 4.92 through 4.92.2 allows remote code execution, a different vul ...
CVE-2019-15846Exim before 4.92.2 allows remote attackers to execute arbitrary code a ...
CVE-2019-13917Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...
CVE-2019-10149A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper v ...
CVE-2018-6789An issue was discovered in the base64d function in the SMTP listener i ...
CVE-2017-1000369Exim supports the use of multiple "-p" command line arguments which ar ...
CVE-2017-16944The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...
CVE-2017-16943The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...
CVE-2016-9963Exim before 4.87.1 might allow remote attackers to obtain the private ...
CVE-2016-1531Exim before 4.86.2, when installed setuid root, allows local users to ...
CVE-2014-2972expand.c in Exim before 4.83 expands mathematical comparisons twice, w ...
CVE-2014-2957The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPE ...
CVE-2012-5671Heap-based buffer overflow in the dkim_exim_query_dns_txt function in ...
CVE-2011-1764Format string vulnerability in the dkim_exim_verify_finish function in ...
CVE-2011-1407The DKIM implementation in Exim 4.7x before 4.76 permits matching for ...
CVE-2011-0017The open_log function in log.c in Exim 4.72 and earlier does not check ...
CVE-2010-4345Exim 4.72 and earlier allows local users to gain privileges by leverag ...
CVE-2010-4344Heap-based buffer overflow in the string_vformat function in string.c ...
CVE-2010-2024transports/appendfile.c in Exim before 4.72, when MBX locking is enabl ...
CVE-2010-2023transports/appendfile.c in Exim before 4.72, when a world-writable sti ...
CVE-2005-0022Buffer overflow in the spa_base64_to_bits function in Exim before 4.43 ...
CVE-2005-0021Multiple buffer overflows in Exim before 4.43 may allow attackers to e ...
CVE-2004-0400Stack-based buffer overflow in Exim 4 before 4.33, when the headers_ch ...
CVE-2004-0399Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...
CVE-2002-1381Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...

Security announcements

DSA / DLADescription
DLA-2650-1exim4 - security update
DSA-4912-1exim4 - security update
DSA-4687-1exim4 - security update
DLA-2213-1exim4 - security update
DSA-4536-1exim4 - security update
DSA-4517-1exim4 - security update
DLA-1911-1exim4 - security update
DSA-4488-1exim4 - security update
DSA-4456-1exim4 - security update
DSA-4110-1exim4 - security update
DLA-1274-1exim4 - security update
DSA-4053-1exim4 - security update
DLA-1001-1exim4 - security update
DSA-3888-1exim4 - security update
DSA-3747-1exim4 - security update
DLA-762-1exim4 - security update
DSA-3517-1exim4 - security update
DSA-2566-1exim4 - heap overflow
DSA-2236-1exim4 - command injection
DSA-2232-1exim4 - format string vulnerability
DSA-2154-1exim4 - privilege escalation
DSA-2131-1exim4 - remote code execution

Search for package or bug name: Reporting problems