Debian Sa-Exim vulnerabilities

CVE-2019-19920 [MEDIUM] CVE-2019-19920: sa-exim - sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf... sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805. Scope: local bookworm: resolved (fixed in 4.2.1-19) bullseye: resolved (fixed in 4.2.1-19) sid: resolved (fixed in 4

CVE-2006-1251 [MEDIUM] CVE-2006-1251: sa-exim - Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows rem... Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command. Scope: local bookworm: resolved (fixed in 4.2.1-1) bullseye: resolved (fixed in 4.2.