+exim4 (4.84.2-2+deb8u3) jessie; urgency=medium
+
+ * 94_Fix-memory-leak-on-Gnu-TLS-close.patch from upstream exim-4_84_2+fixes
+ branch: Fix GnuTLS memory leak. (Thanks, Heiko Schlittermann!)
+ Closes: #845569
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 02 Jan 2017 19:18:05 +0100
+
+exim4 (4.84.2-2+deb8u2) jessie-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * CVE-2016-9963: DKIM information leakage
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 22 Dec 2016 12:17:01 +0100
+
+exim4 (4.84.2-2+deb8u1) jessie-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+
+ [ Dominic Hargreaves ]
+ * eximstats: Remove . from @INC [CVE-2016-1238]
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Mon, 25 Jul 2016 20:10:44 +0200
+
+exim4 (4.84.2-2) jessie; urgency=medium
+
+ * 90_Cutthrough-Fix-bug-with-dot-only-line.patch: JH/38 Fix cutthrough bug
+ with body lines having a single dot. The dot was incorrectly not doubled
+ on cutthrough transmission, hence seen as a body-termination at the
+ receiving system - resulting in truncated mails. Commonly the sender saw
+ a TCP-level error, and retransmitted the nessage via the normal
+ store-and-forward channel. This could result in duplicates received - but
+ deduplicating mailstores were liable to retain only the initial truncated
+ version.
+ * 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch: Fix crash
+ on "exim -be '${if crypteq{xxx}{\$aaa}{yes}{no}}'". Closes: #812585
+ * Improve on NEWS file. Closes: #818349
+ * Add 89_01_p_Delay-chdir-until-we-opened-the-main-config.patch. Backport
+ 3de973a29de6852d61ba9bf1845835d08ca5a5ab (Delay chdir(/) until we opened
+ the main config) to actually make $initial_cwd expansion work. Also unfuzz
+ 89_02_Store-the-initial-working-directory.diff.
+ (Thanks, Серж ИвановЪ for bugreport and pointer to missing patch) Closes:
+ #818897, #826646
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 12 Jun 2016 13:56:30 +0200
+
+exim4 (4.84.2-1) jessie-security; urgency=high
+
+ * New upstream security release.
+ + Fix CVE-2016-1531, a local privilege escalation issue when perl_startup
+ is used.
+ + New options keep_environment/add_environment which are empty by default,
+ i.e. any subprocesses start in a clean (empty) environment.
+ + -C requires an absolute path.
+ + Exim changes it's working directory to / right after startup.
+ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
+ options. Set "keep_environment =" by default to avoid a runtime warning.
+ Bump exim4-config Breaks to exim4-daemon-* (<< 4.84.2).
+ * 89_01_only_warn_on_nonempty_environment.diff,
+ 89_02_Store-the-initial-working-directory.diff: Upstream followups on the
+ CVE fix (Thanks, Heiko Schlittermann!):
+ + Runtime warning is only generated if (and only if) keep_environment
+ is unset and environment is nonempty.
+ + Store the initial working directory and make it available in the new
+ expansion variable $initial_cwd.
+ * Add NEWS entry to warn of potential breakage.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 12 Mar 2016 08:17:40 +0100
+
+exim4 (4.84-8+deb8u2) jessie; urgency=medium
+
+ * 87_Fix-transport-results-pipe-for-multiple-recipients-c.patch: Pull and
+ unfuzz bd21a78 from upstream GIT, to fix a bug causing duplicate
+ deliveries especially on TLS connections. Closes: #805576
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 21 Nov 2015 11:24:46 +0100
+
+exim4 (4.84-8+deb8u1) jessie; urgency=medium
+
+ * Pull 85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch
+ and 86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch from
+ upstream GIT to fixup more MIME ACL related crashes. (Thanks, Lutz
+ Preßler) Closes: #803562
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 26 Oct 2015 17:42:16 +0100
+
exim4 (4.84-8) unstable; urgency=medium
* Pull 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch and