CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2025/12/18 14:39:26
Modified files:
mail/exim : Makefile distinfo
Log message:
Security update to exim 4.99.1 from maintainer
1. Incomplete SQL injection fix - CVE-2025-26794's patch doesn't escape single
quotes
2. Heap buffer overflow - Unvalidated database field used as array bound (NEW)
https://code.exim.org/exim/exim/src/commit/d46a6727798fc48d1756190a6d46d19216348c25/doc/doc-txt/exim-security-2025-12-09.1/report.txt
Is it finally time to take this behind the barn?
