Re: Exim 4.99.2 fixes 4 CVEs

[Florian Weimer <fw () deneb enyo de>]

* Solar Designer:

> From: Bernard Quatermass <bernardq () exim org>
> Subject: Re: [vs-plain] EXIM-Security-2026-04-24
> To: "Distros @ oss-security openwall" <distros () vs openwall org>
> CC: "security () exim org" <security () exim org>
> Date: Wed, 29 Apr 2026 13:19:42 +0100 (2 days, 3 hours, 26 seconds ago)
>
> we are pleased to announce the availability of release 4.99.2 of Exim.
>
> This is a security release.
>
> It fixes the following vulnerabilities.
>
> CVE-2026-40684     Possible crash with malicious DNS data when using musl libc
>
>    On systems using musl libc (not glibc) due to an oddity in octal printing
>    it is possible to crash the connection instance when malformed DNS data
>    is present in PTR records.

I sent a note to Rich Felker (musl maintainer) regarding this.