Hi Tomas, On Tue, Oct 31, 2023 at 11:07:06AM +0100, Tomas Pospisek wrote: > Hello Exim maintainers, > > this ticket, asking for packages with fixes for CVE-2023-42117 and other > security relavant issues is closed. > > However only a package for unstable has been released: > > https://security-tracker.debian.org/tracker/CVE-2023-42117 > > all other Debian releases (stable, oldstable) still seem to be carrying the > vulnerable Exim4 version. > > What is the status of releasing fixed Exims for Debian stable, oldstable? Is > anybody working on it? Is help needed?
Fixes for CVE-2023-42117 and CVE-2023-42119 are right now considered no-dsa (see comment on the security-tracker about it), and are going to be fixed in the next point releases. Does this help? Regards, Salvatore