Dear Users,
probably *you* didn't miss it (but we failed to send the announcement
here¹): we published a security release exim-4.96.1 with the fixes we
have so far. More fixes will follow, as an other security release will
do.
See this link for a summary:
https://exim.org/static/doc/security/CVE-2023-zdi.txt
Distribution points:
--------------------
- git://git.exim.org
branches:
- spa-auth-fixes (based on the current master) [commit IDs: 7bb5bc2c6 0519dcfb5 e17b8b0f1 04107e98d]
- exim-4.96+security (based on exim-4.96) [gpg signed]
- exim-4.96.1+fixes (based on exim-4.96.1 with the fixes from exim-4.96+fixes) [gpg signed]
tags:
- exim-4.96.1 [gpg signed]
- tarballs for exim-4.96.1:
https://ftp.exim.org/pub/exim/exim4/ [gpg signed]
GPG signatures are made by me (hs@???, or Jeremy Harris
jgh@???).
For cross-verification the SHAX sums follow:
SHA256 (exim-4.96.1.tar.bz2) = 26bbcd4f45483c7138912b4bd31022aee8abf8ac7cdff55839d7e2a9e4c60692
SHA256 (exim-4.96.1.tar.gz) = 6d06845e07c699e7dabbe1ca1edf23fe8b17083dc9fe0736f0b4a90351ac708e
SHA256 (exim-4.96.1.tar.xz) = 93ac0755c317e1fdbbea8ccb70a868876bdf3148692891c72ad0fe816767033d
SHA256 (exim-html-4.96.1.tar.bz2) = 42084c0fe3cc430eccd598beb5dff3c7742926a4a6c92d44d6836480757e1b72
SHA256 (exim-html-4.96.1.tar.gz) = 9c2d7de709def8e44b200db74b59777e6fdf2811718ff3f3ba75f1e006812e6a
SHA256 (exim-html-4.96.1.tar.xz) = 745d73e6d17fddbd0c92e55ab134ba691363ee583604038bc2fd551c70acbc6c
SHA256 (exim-pdf-4.96.1.tar.bz2) = 89b532da12560d4c3dbcada1c96d07ca0b7ae21af61c3798eada715acf081ae7
SHA256 (exim-pdf-4.96.1.tar.gz) = b4b1d6f32ea04e44370b5de38e961c2d16580b089839bb1e1416e95be05bfd0e
SHA256 (exim-pdf-4.96.1.tar.xz) = 510c793e6b4122fa2312eaa697d90d8be4b5f8480977c3babdb35d5c1e8cfe79
SHA256 (exim-postscript-4.96.1.tar.bz2) = 7369e423b4f5b6557483da7cbd290010fdffa4ade3afa0262a47416841d47bc9
SHA256 (exim-postscript-4.96.1.tar.gz) = 3ec107687f6799f8798edecb10cc4ce45cc74aec8ed2356a87754b12a1c43782
SHA256 (exim-postscript-4.96.1.tar.xz) = e6332d2a26cd68223d8e73180b95f63f92dc781090dccb22af2c8f1991592824
SHA512 (exim-4.96.1.tar.bz2) = 2475437b48a266b2e453808a01320fe4df499bb9e3e7d41b6283f369cfa72602a02baa9a1bcdc630987a35da9db47e09fa682dca31748f07f8bde8403d636a22
SHA512 (exim-4.96.1.tar.gz) = 3c2d387686e0b1b4d4e06718eebb5a53b6944dd818abf3f7a7d3cd1898557dac302708f5f9e2a09223cf7cb8d34b0234c1763eab9b2182fd1d9593012add02d9
SHA512 (exim-4.96.1.tar.xz) = ef1a0e57c59cdf4e915b3ac5dcdbc69f565b14dd92b0527f6796b2c46a9ec34f991f9790fb4171c99417f7e482cdd62d77e780cc71fab227c8bed876103f7fdd
SHA512 (exim-html-4.96.1.tar.bz2) = 56fe39f66e238100e0ca62f19f08703176471cfccdb9c95368fd219f043c96da9da512418e10224514461302e1f25af0254bf810081c8b6edfe676196ffbb743
SHA512 (exim-html-4.96.1.tar.gz) = 36fea45df417e87ee7d5676ca5347d7e28cb5db70d583cf7471108a9b6fbedfdaa34793063f577dccdd9e62a8617380cb89f5f4d1891a4d05105d78655b7e588
SHA512 (exim-html-4.96.1.tar.xz) = 5519bf2056c8b4018a2e3a2d9afca0e0b1978990d3789be421d097bcae000d2d38205cd61e67bd83c27036376613c6ba69c993b6567adf3b57fdd642e9db1cc8
SHA512 (exim-pdf-4.96.1.tar.bz2) = aefc9b6fe83c6cd74d87e7c4c448957f7bf76ec9fb94ff1620512906e84ddfae4f9445247b228d2231c6faf71e35ae0a2bf0cdcfb453bc62295694e22c597d09
SHA512 (exim-pdf-4.96.1.tar.gz) = 3f7ab2a405ebe5c2b027039dc23864bced07f757f4bda2e283b938e9786aa18c70f167990c38e85bb5cc55b433bb470ed7acb04d5a9a732eab5dffe28d07e1ee
SHA512 (exim-pdf-4.96.1.tar.xz) = d39ee2f9a05326809a6e8454a108d717838dacfa42c2cade72f5937b1b44d70e70152fa75f4b4e9548cd4198d54f8a8c1323e14d7d1f9a0a23c99a53db1001b0
SHA512 (exim-postscript-4.96.1.tar.bz2) = 83b4f3d686d62e18da90b25d5ed2ab2ca5ff709ea16887f35a0e45dcf0ba139c02f5171008ae26879dd598a0f9d25bdc5851066375006d0a004b6a36d0ee957e
SHA512 (exim-postscript-4.96.1.tar.gz) = dceb5f9350dbba42c4fcffb03248f7d3951d3cb8bba759b8e3d4e3cd69651ea5db0b8a692b93e2be2958ad01865efbf2dd29b5ace72058ceb2aabc17451b6834
SHA512 (exim-postscript-4.96.1.tar.xz) = 788fc9c48955ef6eb497f64bdcc75812acebe144fcb5a8b773f5a03ced66be4842f8b3e9572e0dc5d625e0de4274cefa13ae708bb8edf9ee883795271d77db82
¹) Thanks to Lutz Pressler telling me.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-announce.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-announce-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/