On 2/21/25 2:29 PM, Stuart Henderson wrote:
On 2025/02/21 13:56, Renaud Allard wrote:Hello, Here is a very straightforward update for exim to 4.98.1. This release has been done only due to CVE 2025-26794 (https://exim.org/static/doc/security/CVE-2025-26794.txt) Given the vulnerability lies in sqlite and we use berkeley DB, it should probably not be backported.thanks, committed. I did backport because there is FLAVOR=sqlite3.
I am not sure this was needed as even FLAVOR=sqlite3 shows berkeleydb being used for hints and that's where the vulnerability lies. But better be safe than sorry :)
smime.p7s
Description: S/MIME Cryptographic Signature
