Am 12.09.19 um 15:40 schrieb Heiko Schlittermann via Exim-users: > Richard Jones via Exim-users <exim-users@???> (Do 12 Sep 2019 14:36:41 CEST):
>> On Sep 12, Heiko Schlittermann via Exim-users wrote
>>> If you're out of luck, either upgrade your Debian system to a recent
>>> one, or prepare to compile Exim on your own. (This is not as hard as it
>>> seems, but you have to care about further updates manually).
>> I don't suppose anyone has magical instructions on how to do this for
>> exim4-daemon-heavy?
> If you only want to backport the CVE patch, this should be simple, if
> you're experience somewhat in re-building Debian packages.
>
If it's exim is so old, the other root exploit with $run may work.
Better to build exim from scratch to be safe.