affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
+Exim version 4.96.2
+-------------------
+
+JH/01 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
+ CVE-2023-42219
+
+HS/01 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
+
+
+Exim version 4.96.1
+-------------------
+
+This is a security release.
+
+JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
+ could be triggered by externally-supplied input. Found by Trend Micro.
+ CVE-2023-42115
+
+JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42116
+
+JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42114
+
+JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
+ Make the rewrite never match and keep the logging. Trust the
+ admin to be using verify=header-syntax (to actually reject the message).
+
+
Exim version 4.96
-----------------
erroneously rejected the BDAT command. Investigation help from
Jesse Hathaway.
+JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning
+ an empty address. Previously the expansion returned an error.
+
+HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending
+ proxy. Previously these were misparsed, leading to paniclog entries.
+
Exim version 4.95
-----------------