Package "exim4"

  exim4 (4.90.1-1ubuntu1.10) bionic-security; urgency=medium

  * SECURITY UPDATE: use after free in regex handler
    - debian/patches/CVE-2022-3559-1.patch: properly clear references in
      src/exim.c, src/expand.c, src/functions.h, src/globals.c,
      src/regex.c, src/smtp_in.c.
    - debian/patches/CVE-2022-3559-2.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/regex.c.
    - debian/patches/CVE-2022-3559-3.patch: fix non-WITH_CONTENT_SCAN build
      in src/exim.c, src/functions.h, src/globals.h, src/regex.c,
      src/smtp_in.c.
    - debian/patches/CVE-2022-3559-4.patch: fix non-WITH_CONTENT_SCAN build
      in src/expand.c.
    - CVE-2022-3559

 -- Marc Deslauriers <email address hidden> Wed, 23 Nov 2022 10:55:59 -0500

  exim4 (4.90.1-1ubuntu1.9) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2022-37452.patch: Fix host_name_lookup
      in src/host.c.
    - CVE-2022-37452

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Aug 2022 08:12:18 -0300

  exim4 (4.90.1-1ubuntu1.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/sec-may2021-*.patch: backport patches from upstream to
      correct issues.
    - CVE-2020-28007, CVE-2020-28008, CVE-2020-28009, CVE-2020-28010,
      CVE-2020-28011, CVE-2020-28012, CVE-2020-28013, CVE-2020-28014,
      CVE-2020-28015, CVE-2020-28016, CVE-2020-28017, CVE-2020-28018,
      CVE-2020-28019, CVE-2020-28020, CVE-2020-28021, CVE-2020-28022,
      CVE-2020-28023, CVE-2020-28024, CVE-2020-28025, CVE-2020-28026,
      CVE-2021-27216

 -- Marc Deslauriers <email address hidden> Fri, 30 Apr 2021 10:15:04 -0400

  exim4 (4.90.1-1ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12783-*.patch: fix SPA
      authenticator, checking client-supplied data before using it
      in src/auths/spa.c, src/auths/spa-spa.c.
    - CVE-2020-12783

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 May 2020 10:10:01 -0300

  exim4 (4.90.1-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Wed, 04 Sep 2019 21:14:01 +0930