+exim4 (4.84.2-2) jessie; urgency=medium
+
+ As part of the fix for CVE-2016-1531 updated Exim versions clean
+ the complete execution environment by default, affecting Exim and
+ subprocesses such as routers calling other programs, and thus may break
+ existing installations. New configuration options (keep_environment,
+ add_environment) were introduced to adjust this behavior. Because of the
+ possible breakage Exim will show a runtime warning if keep_environment is
+ not set.
+
+ The Debian exim4 configuration does not rely on specific environment
+ variables and therefore sets 'keep_environment =' (i.e confirm empty
+ environment).
+
+ Users of custom Exim configurations will need to check whether their setup
+ continues to work with the abovementioned upstream change and modify the
+ Exim environment as needed otherwise. If the setup works fine with empty
+ environment it is still necessary to set the main configuration option
+ "keep_environment =" to quiet the runtime warning.
+
+ See <https://exim.org/static/doc/CVE-2016-1531.txt> for details.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 28 Mar 2016 17:58:09 +0200
+
exim4 (4.68-1) unstable; urgency=low
In order to fix #420217, the handling of incoming messages to