ELA-868-1 exim4 security update

response injection

2023-06-12
Package: exim4
Version: 4.84.2-2+deb8u10 (jessie), 4.89-2+deb9u10 (stretch)
Related CVEs: CVE-2021-38371


A flaw was found in Exim, a Mail Transport Agent (MTA). The STARTTLS feature in Exim allows response injection (buffering) during MTA SMTP sending. With this update, the program fails with an appropriate error message if such behavior is detected.
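The kind of check a sending SMTP client can make before starting the TLS handshake, as an added example: this is a Python sketch of the general technique, not Exim's code or the patch shipped in this update. The function names, the exception and the sample byte strings are hypothetical and constructed for illustration.

```python
class StartTLSInjectionError(Exception):
    """Plaintext bytes were buffered behind the STARTTLS reply."""


def split_reply(buf: bytes):
    """Split one complete SMTP reply (possibly multi-line) off the front of buf.

    Returns (reply_lines, leftover). Raises ValueError on an incomplete or
    malformed reply.
    """
    lines, pos = [], 0
    while True:
        end = buf.find(b"\r\n", pos)
        if end == -1:
            raise ValueError("incomplete SMTP reply")
        line, pos = buf[pos:end], end + 2
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply line")
        lines.append(line)
        # "220-text" continues the reply; "220 text" or a bare "220" ends it.
        if line[3:4] != b"-":
            return lines, buf[pos:]


def accept_starttls_reply(buf: bytes) -> bool:
    """Decide whether the TLS handshake may start.

    buf holds everything read in plaintext after sending STARTTLS.
    Returns False if the server declined STARTTLS, True if it accepted and
    nothing else is buffered. Raises StartTLSInjectionError if any bytes
    follow the 220 reply, since they arrived before encryption began and
    must not be treated as part of the TLS-protected session.
    """
    lines, leftover = split_reply(buf)
    if lines[-1][:3] != b"220":
        return False
    if leftover:
        raise StartTLSInjectionError(
            f"{len(leftover)} unexpected plaintext byte(s) after STARTTLS reply")
    return True


# Constructed sample buffers (not captured traffic).
CLEAN = b"220 2.0.0 Ready to start TLS\r\n"
MULTILINE = b"220-constructed banner\r\n220 go ahead\r\n"
DECLINED = b"454 TLS not available\r\n"
INJECTED = CLEAN + b"250 constructed-extra-reply\r\n"
```

Only `INJECTED` raises: the extra reply sits in the same plaintext read as the `220` line, which is the buffering condition the advisory describes.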



For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u10.

For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u10.

We recommend that you upgrade your exim4 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.