Exim mail server developers administrators about their intention to release update 25 on July 4.92.1, which will fix a critical vulnerability (CVE-2019-13917) that allows remote execution of your code as root if there are certain specific settings in the configuration.
Details about the problem have not yet been disclosed, all mail server administrators are advised to prepare for the installation of an emergency update on July 25th. On this day, updates to packages with Exim in the main distributions will be released in a coordinated manner. At the same time, the risk of exploitation of the vulnerability is marked as low, since the vulnerability does not manifest itself in the default configuration, both in the base Exim distribution and in the Debian package.
Source: opennet.ru