A design flaw in exim4 allowed the loal Debian-exim user to obtain root privileges by specifying an alternate configuration file using the -C option or by using the macro override facility . Unfortunately, fixing this vulnerability is not possible without some changes in exim4"s behvaviour. If you use the -C or -D options or use the system filter facility, you should evaluate the changes carefull ...