Our friends at Ubuntu released initial_cwd security patch correctly from the start.
Here is a relevant change log: http://changelogs.ubuntu.com/changelogs/pool/main/e/exim4 /exim4_4.82-3ubuntu2.1/changelog "debian/patches/CVE-2016-1531-4.patch: delay chdir(/) until we opened the main config." Some feedback would be greatly appreciated.
