Bug 787 – memory corruption in string_format code. Important if you're running a Debian version older than Lenny, as there are no more security updates available and you have to patch it yourself. This one closes the door. By the way, it's quite interesting to look at the date - it has been fixed since 2008, but due to the early discontinuation of security updates for outdated Debian releases, it is still present in many Debian systems based on Etch (and older). Debian is only recommended for use if you can actually keep up with every release change in a timely manner. Otherwise, solutions like Ubuntu LTS are by far the better choice. Apart from that, it's quite embarrassing that Lenny still had such an outdated Exim ...