-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Sep 2023 22:38:02 +0200
Source: exim4
Architecture: source
Version: 4.96-15+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 exim4 (4.96-15+deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address external and SPA authenticator vulnerabilities (CVE-2023-42114,
     CVE-2023-42115, CVE-2023-42116)
     - Auths: fix possible OOB write in external authenticator (CVE-2023-42115)
     - Auths: use uschar more in spa authenticator
     - Auths: fix possible OOB write in SPA authenticator (CVE-2023-42116)
     - Auths: fix possible OOB read in SPA authenticator (CVE-2023-42114)
Checksums-Sha1: 
 a63ec9187d051c39c138353db3b5b74aa1030a92 3078 exim4_4.96-15+deb12u2.dsc
 81de6882bb8611d537b5286d8a48ad31f8787609 1879152 exim4_4.96.orig.tar.xz
 26d2e687451ebbf4523d5caaa8e25e306a481f77 508 exim4_4.96.orig.tar.xz.asc
 bfd578c75f3005a85894d291178d7b840c0a48b7 490164 exim4_4.96-15+deb12u2.debian.tar.xz
Checksums-Sha256: 
 26cc758849ed0dabb0174ef4ee62e9510302792abafb9888a9c5d5e600de04e0 3078 exim4_4.96-15+deb12u2.dsc
 299a56927b2eb3477daafd3c5bda02bc67e5c4e5898a7aeaf2740875278cf1a3 1879152 exim4_4.96.orig.tar.xz
 9d868dbe6ef823dd563371dc0aadbe58475cd6e42ac8998bfb2b922db3f0fdd0 508 exim4_4.96.orig.tar.xz.asc
 47176e200caa2831c17d84159436e950b25a8647b1c7b9b41705959c9b1f68cd 490164 exim4_4.96-15+deb12u2.debian.tar.xz
Files: 
 ac4ed239b2cd9a0c7a5725a9a073a331 3078 mail standard exim4_4.96-15+deb12u2.dsc
 0d10d5b10f2af77ec8c2c2fe5be6c1ad 1879152 mail standard exim4_4.96.orig.tar.xz
 42256a69a100da4990152c9ff695d95e 508 mail standard exim4_4.96.orig.tar.xz.asc
 0bebf31581b4db34a328112c4ebedefe 490164 mail standard exim4_4.96-15+deb12u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUYIAtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EUNQQAJQOx3UjwU9ZDxxKwPIVbkYZC/8m65lh
fitN4h8zT0kluZyfSBZxSXTPFDGZ9pPAhKjvJauLcBA4As7bm/p+9fZ++aXIYRWb
dJR1iNvRg6XUHgDvi1XLw1tp3RI6hTPiXKOdReoWH+Nga5TySmkQNRhxqoLgaK6w
3gYcJ1JcNU8TIk05/Wc7okWqfX8wSTgYrAfMwakRmqvphPamcgxkku6Bi+12AEtD
l8R/zDMh2WGJwCLfintDCmYamOSV57vvNgsTxTo2WfYOgVGAwEQPK92uGs5S+JlU
spzESda3e0QHmuXg9py3yccKer2y17cONyTjxV3hQ8bbvywHhuTFPbbQKW6gTHU0
CuTYAGh9IrubBGMOZl72p3fZaoz4Ch7QFv5PjlFVqzPDfdaO5Qu7nzDJkruIR7Ku
0Xu7WBZzbeugJVxAIsI08K8fPZ0CaRrpHWhH/o3BxG4YHNgsjDboL+wWpmlNFiRL
R+wu3abzvhdSK3LjmlBbEfjuNhAIOaidgENbleEq1YlUqRMsYuiuK2vmxZMkMedz
ngQyBqa7frx+shTKfDcIt5gTuqmqjXRFTv1nVo0hyOqXfhuVk+Cvxi++oFZaXIz4
oC0qxVkMximsU+ZHEn/5/PUNCWf9z9eodS+i3Dp5sTR5iUtVOjZAdp8+5tGRXkqA
aBDiRwspqMpV
=YErm
-----END PGP SIGNATURE-----