
This article <https://arstechnica.com/security/2023/09/critical-vulnerabilities-in-exim-threaten-over-250k-email-servers-worldwide/> reports on six different security vulnerabilities in the Exim mail transfer agent (MTA), with uncertain status on their fixes. It seems like patches for three of them are available, but only in a private repo, with no clarification of who has access to this repo. Seems like there has been poor communication between Zero Day Initiative (the group that discovered the vulnerabilities) and the Exim project, going back over a year, on these issues.

An MTA is the piece of software that receives mail from other machines for users on the local machine (or on other, related machines that it is responsible for), and also forwards mail sent from local users, destined for users on other machines.

Exim is the default MTA you get on a Debian installation, if you don’t choose something else (e.g. Postfix). Not sure about Debian derivatives.

Lawrence D'Oliveiro