Exim 4.98 released

[cjd]

Exim 4.98 security update released to address CVE/bugs

Bug 3063 – "SMTP Smuggling" attack

bugs.exim.org

NVD - CVE-2023-51766

nvd.nist.gov

There is a current additional CVE that has been patched by Debian (older versions), not sure if it applies to 4.98

NVD - CVE-2024-39929

nvd.nist.gov

 

[ccto]

IMHO, for CVE-2024-39929, it seems we (as legacy admins) use /etc/system_filter.exim to block selected attachment file extensions, instead of mime_filename

Hopefully it does not relate.

 

[fln]

CustomBuild now supports downloading exim sources directly form upstream. To use this version immediately it is enough to change exim version to 4.98 via the CustomBuild UI, or manually in custom_versions.txt.

Nevertheless we will make a new DA release with exim set to 4.98 as latest version.