On Sun, Aug 15, 2021 at 07:21:40AM +0200, Andreas Metzler wrote:
> On 2021-08-14 Salvatore Bonaccorso <car...@debian.org> wrote:
> > Source: exim4
> > Version: 4.94.2-7
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > <t...@security.debian.org>
>
> > Hi,
>
> > The following vulnerability was published for exim4, this is to start
> > tracking the issue downstream for us. Note that at time of writing [2]
> > gives still a 404.
>
> > CVE-2021-38371[0]:
> > | The STARTTLS feature in Exim through 4.94.2 allows response injection
> > | (buffering) during MTA SMTP sending.
> [...]
>
> IIRC that is mitigated in experimental (4.95 rc) by ALPN and unknown
> command related changes, I will not be able to check in detail for a
> week or so, though.

Do you know if this is fixed in 4.96/bookworm?

Cheers,
Moritz