2 matches found
CLSA-2026-1779369819 Fix CVE(s): CVE-2026-40686, CVE-2026-40687
SECURITY UPDATE: heap read out-of-bounds in UTF-8 expansion - debian/patches/CVE-2026-40686.patch: harden $fromutf8: expansion operator against malformed UTF-8 trailing bytes. - CVE-2026-40686 SECURITY UPDATE: SPA authenticator buffer hardening - debian/patches/CVE-2026-40687.patch: zero...
CLSA-2026-1778690918 exim: Fix of CVE-2026-40686
CVE-2026-40686: out-of-bounds read in the GETUTF8INC macro in src/expand.c when processing malformed UTF-8 in expansion operators with utf8 enabled, potentially disclosing heap data via SMTP rejection messages...