Ubuntu Security Notice 1032-1 - Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges.
77e24a5685302d1d9a4706ecabe2856bbab0526e7306773761125b28efb31777