Thursday 06 May 2021
The impact of this issue is high. Please act as stated below to rectify it.
Affected: versions of Exim since the beginning of its Git history in 2004.
What you need to know:
Qualys security researchers have uncovered 21 vulnerabilities in the Exim mail server: CVE-2020-28007 to CVE-2020-28026, plus CVE-2021-27216. Of these, 11 are local and 10 are remote flaws, and they could lead to code execution attacks.
Actions to be taken:
Exim prepared a security release tagged as exim-4.94.1 which contains all changes on the exim 4.94+ fixes branch plus security fixes.
The sources will be available on their security repo:
tarballs: [email protected]???:exim-packages-security.git
source: [email protected]???:exim-security.git
Access to these security Git repos will be granted for the known set of Exim maintainers and distro packagers first. Please reach out to Qualys if you need further details or if you think you should be part of this set.
One week after access is granted to the distro packagers, the release will be pushed to the well-known public repos as usual.