Exim 4.73 Release
Exim release 4.73 is now available from the primary ftp site:
This is primarily a security and bug fix release. The changes
1. TWO MAJOR SECURITY FIXES:-
+ CVE-2010-4344 exim remote code execution flaw
+ CVE-2010-4345 exim privilege escalation
2. Improvements to OpenSSL support.
3. Convert to a more recent Clam/AV API.
4. Additional improvements to DKIM support
5. Remove reliance on C99 va_copy()
CVE-2010-4344 was actually resolved by a fix in release 4.70, but
not identified at the time as a security issue. Changes have been
made in release 4.73 to resolve CVE-2010-4345. We recommend that
users should migrate to 4.73 as soon as possible, however some
distributions are instead using older releases with specific
patches for these issues.
Due to packaging build issues no texinfo documentation files have
been produced - however they should be buildable from the
documentation source should you have the correct toolchain
available. The HTML documentation included is now built using the
same toolchain as the website documentation.
The primary ftp server is in Cambridge, England. There is a list of
* the status of Exim Download Sites mirrors
The master ftp server is now ftp.exim.org.
The distribution files are signed with Nigel Metheringham's GPG key
(address is email@example.com, key id is DDC03262), which is available
on the ftp site and on a number of keyservers. The ASCII signature
files are in the same directory as the tarbundles. The SHA1 hashes
for the distribution files are:
The distribution contains an ASCII copy of the 4.73 manual and
other documents. Other formats of the documentation are also
The .bz2 versions of these tarbundles are also available.
The ChangeLog for this, and several previous releases, is included
in the distribution. Individual change log files are also available
on the ftp site, the current one being:-
Brief documentation for new features is available in the NewStuff
file in the distribution. Individual NewStuff files are also
available on the ftp site, the current one being:-