Package "exim4"

  exim4 (4.86.2-2ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2020-12783-*.patch: fix SPA
      authenticator, checking client-supplied data before using it
      in src/auths/spa.c, src/auths/spa-spa.c.
    - CVE-2020-12783

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 May 2020 09:54:21 -0300

  exim4 (4.86.2-2ubuntu2.5) xenial-security; urgency=medium

  * SECURITY UPDATE: remote command execution
    - debian/patches/CVE-2019-15846.patch: ensure not to interpret '\\'
      before '\0' in src/string.c
    - CVE-2019-15846

 -- Alex Murray <email address hidden> Thu, 05 Sep 2019 11:19:50 +0930

  exim4 (4.86.2-2ubuntu2.4) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via ${sort }
    - debian/patches/CVE-2019-13917.patch: avoid re-expansion in ${sort }
      in src/expand.c.
    - CVE-2019-13917

 -- Marc Deslauriers <email address hidden> Fri, 19 Jul 2019 07:21:10 -0400

  exim4 (4.86.2-2ubuntu2.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in base64d()
    - debian/patches/CVE-2018-6789.patch: fix overflow in
      src/auths/b64decode.c.
    - CVE-2018-6789

 -- Marc Deslauriers <email address hidden> Sat, 10 Feb 2018 14:18:40 -0500

  exim4 (4.86.2-2ubuntu2.2) xenial-security; urgency=medium

  * SECURITY UPDATE: memory leak
    - debian/patches/93_CVE-2017-1000368.patch: free -p argument if
      allocation was required.
    - CVE-2017-1000368

 -- Steve Beattie <email address hidden> Fri, 02 Jun 2017 22:07:28 -0700