affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
-Exim version 4.95
+Exim version 4.96.2
+-------------------
+
+JH/01 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
+ CVE-2023-42219
+
+HS/01 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
+
+
+Exim version 4.96.1
+-------------------
+
+This is a security release.
+
+JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
+ could be triggered by externally-supplied input. Found by Trend Micro.
+ CVE-2023-42115
+
+JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42116
+
+JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42114
+
+JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
+ Make the rewrite never match and keep the logging. Trust the
+ admin to be using verify=header-syntax (to actually reject the message).
+
+
+Exim version 4.96
-----------------
JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from
was touched.
JH/16 Debugging initiated by an ACL control now continues through into routing
- and transport processes, when delivery is immediate. Previously debugging
- stopped any time Exim re-execs.
+ and transport processes. Previously debugging stopped any time Exim
+ re-execs, or for processing a queued message.
JH/17 The "expand" debug selector now gives more detail, specifically on the
result of expansion operators and items.
passed on the wire for the restarted session. Fix by using the recorded
ocsp status of the stored session for the new connection.
+JH/29 TLS resumption: the key for session lookup in the client now includes
+ more info that a server could potentially use in configuring a TLS
+ session, avoiding oferring mismatching sessions to such a server.
+ Previously only the server IP was used.
+
+JH/30 Fix string_copyn() for limit greater than actual string length.
+ Previously the copied amount was the limit, which could result in a
+ overlapping memcpy for newly allocated destination soon after a
+ source string shorter than the limit. Found/investigated by KM.
+
+JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection
+ close; it may be needed for a subsequent connection. This caused a
+ SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas.
+
+JH/32 Fix CHUNKING for a second message on a connection when the first was
+ rejected. Previously we did not reset the chunking-offered state, and
+ erroneously rejected the BDAT command. Investigation help from
+ Jesse Hathaway.
+
+JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning
+ an empty address. Previously the expansion returned an error.
+
+HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending
+ proxy. Previously these were misparsed, leading to paniclog entries.
+
Exim version 4.95
-----------------