Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based
buffer overflow in string_vformat that could lead to remote code
execution. “The currently known exploit uses a extraordinary long
EHLO string to crash the Exim process that is receiving the message. While
at this mode of operation Exim already dropped its privileges, other paths to
reach the vulnerable code may exist.“

Source: LWN.net – Exim 4.92.3 security release