On 2023-03-15 Moritz Mühlenhoff <j...@inutil.org> wrote: > Am Sun, Aug 15, 2021 at 07:21:40AM +0200 schrieb Andreas Metzler: > > On 2021-08-14 Salvatore Bonaccorso <car...@debian.org> wrote: [...] > > > CVE-2021-38371[0]: > > > | The STARTTLS feature in Exim through 4.94.2 allows response injection > > > | (buffering) during MTA SMTP sending. > > [...] > > > > IIRC that is mitigated in experimental (4.95 rc) by ALPN and unkown > > command related changes, I will not be able to check in detail for a > > week or so, though.
> Do you know if this is fixed in 4.96/bookworm? Yes it is. 4.95 and later are fine. https://lists.exim.org/lurker/message/20230315.200011.3128be8e.en.html cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'