Dear Distros,

we got a report about a vulnerability of Exim: CVE-2025-26794
This issue is fixed already and patches are available (see below).

Detailed information is embargoed currently. 

See https://exim.org/static/doc/security/CVE-2025-27694.md for public
information.

The scheduled coordinated release date is:
    
    Friday, Feb 20th, 12:00 UTC

Your packages may or may be not vulnerable: *all* of the following
conditions need to be met to be vulnerable:

- Exim version 4.98
- Built with SQLite3 support for the hints databases:
    USE_SQLITE = yes
    DBMLIB = -lsqlite3

A repository for you is made accessible at

  https://code.exim.org/exim/exim-distros.git

The new release is tagged as "exim-4.98.1" (on a branch
exim-4.98+security). If you need access to the repo and didn't receive
any credentials yet, please feel free to contact us.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -