Public bug reported: Scheduled-For: ubuntu-25.06 Ubuntu: 4.98.1-1ubuntu2 Debian Unstable: 4.98.2-1
A new release of exim4 is available for merging from Debian Unstable. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the questing Release Notes: https://discourse.ubuntu.com/t/questing-quokka-release-notes/ ### New Debian Changes ### exim4 (4.98.2-1) unstable; urgency=medium * New upstream version (Basically identical to 4.98,1 + CVE-2025-30232 fix) * Unfuzz patches. * Add export-dir setting to gbp.conf. -- Andreas Metzler <[email protected]> Sat, 29 Mar 2025 13:22:55 +0100 exim4 (4.98.1-2) unstable; urgency=high * Fix use-after-free (requiring local command-line access) notified by Trend Micro (ref: ZDI-CAN-26250). this is 4.98.2 without the version number bump. CVE-2025-30232 -- Andreas Metzler <[email protected]> Fri, 21 Mar 2025 15:32:31 +0100 ### Old Ubuntu Delta ### exim4 (4.98.1-1ubuntu2) plucky; urgency=medium * SECURITY UPDATE: use-after-free security issue - debian/patches/CVE-2025-30232.patch: null out debug_pretrigger_buf pointer before freeing the buffer in src/debug.c. - CVE-2025-30232 -- Marc Deslauriers <[email protected]> Fri, 28 Mar 2025 07:18:19 -0400 exim4 (4.98.1-1ubuntu1) plucky; urgency=medium * Merge with Debian Unstable. Remaining changes: - Show Ubuntu distribution in SMTP banner + d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner. + d/control: Build-Depends on lsb-release to detect Distribution. - Disable external SPF support to avoid Build-Depends on libspf2-dev (only available in universe). SPF can still be implemented via spf-tools-perl, as documented in exim4.conf.template. This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1. (LP #1952738) + d/control: drop Build-Depends on libspf2-dev. + d/EDITME.exim4-heavy.diff: disable support for libspf2. + d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based on spfquery.mail-spf-perl from spf-tools-perl, but without the previously supported helo detection. -- Simon Quigley <[email protected]> Sun, 23 Mar 2025 10:10:54 -0500 ** Affects: exim4 (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: exim4 (Ubuntu) Milestone: None => ubuntu-25.06 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2110433 Title: Merge exim4 from Debian Unstable for questing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/2110433/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
