On 2021-08-14 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: exim4
> Version: 4.94.2-7
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
> <t...@security.debian.org>
>
> Hi,
>
> The following vulnerability was published for exim4, this is to start
> tracking the issue downstream for us. Note that at time of writing [2]
> still gives a 404.
>
> CVE-2021-38371[0]:
> | The STARTTLS feature in Exim through 4.94.2 allows response injection
> | (buffering) during MTA SMTP sending.
[...]

IIRC that is mitigated in experimental (4.95 rc) by ALPN and unknown
command related changes, I will not be able to check in detail for a
week or so, though.

cu Andreas