Exim developers announced the discovery of a vulnerability and the upcoming release of an update that fixes it. It is noted that the risk of operation is quite low, since for operation it is necessary to have a fairly specific configuration. Details have not yet been disclosed, except that operation is possible both locally and remotely.
The update will be released on July 25, 2019, at which time additional details will be made public. Currently, all current versions are potentially vulnerable, but neither the configuration proposal from the developers nor the package in Debian is at risk.
Source: linux.org.ru