Package: exim4-base Version: 4.94.2-7 Severity: critical Justification: breaks the whole system
Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** There are various CVE report with a rating of 9.8/10. CVE-2023-42119 CVE-2023-42118 CVE-2023-42117 CVE-2023-42116 CVE-2023-42115 CVE-2023-42114 It would help if there would be a statement by the Debian exim maintainer team, by when updates are expected to arrive. This would at least help to judge, if I should migrate my systems to postfix or if I can wait for a bugfix. *** End of the template - remove these template lines *** -- Package-specific info: Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57 Copyright (c) University of Cambridge, 1995 - 2018 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018 Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPE_CONNECT PRDR PROXY SOCKS TCP_Fast_Open Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline Fixed never_users: 0 Configure owner: 0:0 Size of off_t: 8 Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated Configuration file is /var/lib/exim4/config.autogenerated -- System Information: Debian Release: 11.7 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-25-amd64 (SMP w/2 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages exim4-base depends on: ii adduser 3.118 ii cron [cron-daemon] 3.0pl1-137 ii debconf [debconf-2.0] 1.5.77 ii exim4-config [exim4-config-2] 4.94.2-7 ii libc6 2.31-13+deb11u6 ii libdb5.3 5.3.28+dfsg1-0.8 ii lsb-base 11.1.0 ii netbase 6.3 ii systemd-sysv 247.3-7+deb11u4 Versions of packages exim4-base recommends: ii mailutils [mailx] 1:3.10-3+b1 ii psmisc 23.4-2 Versions of packages exim4-base suggests: ii emacs-gtk [mail-reader] 1:27.1+1-3.1+deb11u2 pn exim4-doc-html | exim4-doc-info <none> pn eximon4 <none> ii file 1:5.39-3+deb11u1 ii mailutils [mail-reader] 1:3.10-3+b1 ii openssl 1.1.1n-0+deb11u5 pn spf-tools-perl <none> pn swaks <none> -- Configuration Files: /etc/logrotate.d/exim4-base changed [not included] /etc/logrotate.d/exim4-paniclog changed [not included] -- debconf information excluded
