=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN890
_____________________________________________________________________

DATE                : 22/12/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Exim versions prior to 4.99.1.

=====================================================================
https://lists.exim.org/lurker/message/20251217.170932.fd5b3ca2.en.html
https://lists.exim.org/lurker/message/20251217.151548.85d1a2bc.en.html
_____________________________________________________________________

Author: Heiko Schlittermann via Exim-announce
Date: 2025-12-17 17:09 UTC
To: exim-announce-owner, Heiko Schlittermann via Exim-announce,
     exim-announce
CC: Heiko Schlittermann, Heiko Schlittermann
Subject: [exim-announce] Re: Exim 4.99.1 Released (security release)

Sorry for the typo: 4.98.2 should be safe. (The original announcement
mentioned the wrong version.)

Thanks to everyone who pointed that out and sorry for the confusion.
-- 
Heiko Schlittermann (unterwegs)
____________________________________________________________________

Dear Exim users and maintainers,

we are pleased to announce the availability of release 4.99.1 of Exim.

This is a security release. It fixes CVE-2025-67896 (aka
EXIM-Security-2025-12-09.1), which was introduced with 4.99. Older Exim
versions may or may not be vulnerable and are not actively maintained
anymore by the Exim maintainers. (To the best of our knowledge, 4.98.1
should be safe.)

Configurations using SQLite for lookups and hintdb were vulnerable.
Details: https://code.exim.org/exim/exim/src/branch/exim-4.99+fixes/doc/doc-txt/exim-security-2025-12-09.1/report.txt

Exim 4.99.1 is available:

* as tarball
* https://ftp.exim.org/pub/exim/exim4/
* https://code.exim.org/exim/exim/releases

* directly from Git: https://code.exim.org/exim/exim
tag: exim-4.99.1

The signatures on the release tarballs and Git tag should be

 *  The release files are signed by key DD98D92359DE9E3C2663F291697F0EDD68099F6F
    "Heiko Schlittermann (Dresden) <hs@???>"
    aka "Heiko Schlittermann (Exim MTA Maintainer) <heiko@???>"



    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
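
Added example (not part of the Exim announcement or of the CERT-Renater note): a shell check that accepts a downloaded release only when GnuPG reports a good signature made by the key whose full fingerprint is quoted above. The function names and the file arguments are hypothetical, and the release key is assumed to be already imported into the local keyring.

```shell
#!/bin/sh
# Pin the Exim release signing key by its full fingerprint.
# The value is the one quoted in the announcement above.
EXIM_RELEASE_FPR="DD98D92359DE9E3C2663F291697F0EDD68099F6F"

# sig_from_pinned_key (hypothetical helper)
# Reads `gpg --status-fd` output on stdin and succeeds only if:
#   - GOODSIG is present (gpg emits EXPKEYSIG, REVKEYSIG, BADSIG or
#     ERRSIG instead when the key is expired/revoked or the data is bad)
#   - a VALIDSIG line names the pinned key, either as the signing key
#     (field 3) or as the primary key of a signing subkey (last field).
sig_from_pinned_key() {
    awk -v want="$EXIM_RELEASE_FPR" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (toupper($3) == want || toupper($NF) == want) { pinned = 1 }
        END { exit !(good && pinned) }'
}

# verify_release SIGNATURE_FILE RELEASE_FILE (hypothetical helper)
# Runs gpg on a detached signature and applies the check above to the
# machine-readable status lines instead of the human-readable output.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        sig_from_pinned_key
}

# Stand-alone use: ./check.sh <detached-signature> <tarball>
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "OK: signed by pinned release key"
    else
        echo "FAIL: no good signature from pinned release key" >&2
        exit 1
    fi
fi
```

Comparing the full 40-hex-digit fingerprint avoids relying on the short key ID, which is not unique.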


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




