Hi,
>> And indeed I see the
>> same presumably vulnerable version listed for buster here:
>>
>>
>> https://packages.debian.org/search?keywords=exim4&searchon=names&exact=1&suite=all§ion=all
>>
>> That list suggests that only sid (unstable), bullseye (testing), and
>> buster-backports have a fix. ...
>
> Well that was slightly more painful than it probably should have been,
There were some notes in the exim advisories (Linked via the LWN article)
that 4.94 has some data tainting protection and that this might need some
attention when upgrading from earlier releases.
I'm not sure how this has been handled in the Debian buster-backports
package but you might want to check everything is as you expect.
Best wishes,
@ndy
--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF
