[exim-users at exim.org: [exim] Exim security release ahead]

Wed Apr 21 14:13:05 UTC 2021

Heads up for exim porters.

----- Forwarded message from Heiko Schlittermann via Exim-users <exim-users at exim.org> -----

Date: Wed, 21 Apr 2021 14:36:32 +0200
From: Heiko Schlittermann via Exim-users <exim-users at exim.org>
To: exim-users <exim-users at exim.org>, "exim-maintainers at exim.org"
	<exim-maintainers at exim.org>, exim-announce at exim.org
Subject: [exim] Exim security release ahead
User-Agent: Mutt/1.10.1 (2018-07-13)

Dear Exim-Users and maintainers,

this is a *heads up* notice only. No action is required on your part
right now.

Abstract
--------

Several exploitable vulnerabilities in Exim were reported to us and are
fixed.

We have prepared a security release, tagged as "exim-4.94.1".

This release contains all changes on the exim-4.94+fixes branch plus
security fixes.

Schedule
--------

2021-04-27 13.30 UTC:   Grant access to the security repos
                        for distro maintainers

2021-05-04 13:30 UTC:   Publish the release on the public
                        repos/website/etc

Repositories
------------

The sources *will* be available on our security repo:

        tarballs: git at git.exim.org:exim-packages-security.git
        source:   git at git.exim.org:exim-security.git
                  tag: exim-4.94.1

Access to these security Git repos will be granted for the known set of
Exim maintainers and distro packagers first. Please reach out to us, if
you need further details or if you think, you should be part of this
set.

One week after granting access to the distro packagers the release will
be pushed to the well known public repos as usual.

Details
-------

The current Exim versions (and likely older versions too) suffer from
several exploitable vulnerabilities. These vulnerabilities were reported
by Qualys via security at exim.org back in October 2020.

Due to several internal reasons it took more time than usual for the Exim
development team to work on these reported issues in a timely manner.

We explicitly thank Qualys for reporting *and* for providing patches for
most of the reported vulnerabilities.

Thank you for using Exim.

    Best regards from Dresden/Germany
    Viele Gr????e aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

----- End forwarded message -----

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b  
When one lacks enemies, one can always make them.  -unknown