On 2021/09/08 11:12, Renaud Allard wrote:
> I discussed with exim guys and it seems they are quite reluctant to
> modify "correct C code".

It's not correct code that the %n abort is there to protect against. It's to prevent cases with incorrect code from turning into a hole. Hopefully Exim's monolithic setuid-root binary has no format string vulnerabilities but I bet there are some in the other few hundred GB of code in ports.
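
As an added illustration that is not part of this thread or of Exim's source, the sketch below shows how a use of %n in otherwise correct C can be replaced with the return value of snprintf, so the program no longer trips the %n abort. The helper name `format_header` and the sample header are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example (hypothetical helper, not Exim or OpenBSD code).
 * Writes "name: value\r\n" into buf and reports where the value starts.
 * A %n-based version would be:
 *     snprintf(buf, size, "%s: %n%s\r\n", name, &off, value);
 * The return value of snprintf carries the same information.
 * Returns the total length written, or -1 on error or truncation.
 */
int format_header(char *buf, size_t size, const char *name,
                  const char *value, size_t *value_off)
{
    int n, m;

    if (buf == NULL || size == 0 || name == NULL || value == NULL)
        return -1;

    /* Prefix first: its length is the offset %n would have stored. */
    n = snprintf(buf, size, "%s: ", name);
    if (n < 0 || (size_t)n >= size)
        return -1;

    /* Caller data is only ever an argument to a constant format
     * string, so a '%' inside it is copied, not interpreted. */
    m = snprintf(buf + n, size - (size_t)n, "%s\r\n", value);
    if (m < 0 || (size_t)m >= size - (size_t)n)
        return -1;

    if (value_off != NULL)
        *value_off = (size_t)n;
    return n + m;
}

int main(void)
{
    char buf[64];
    size_t off = 0;
    /* Constructed sample input containing a literal "%n". */
    int len = format_header(buf, sizeof buf, "Subject", "100%n off", &off);

    if (len < 0)
        return 1;
    printf("len=%d value_off=%zu value=%s", len, off, buf + off);
    return 0;
}
```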
