I apologise for the impact of releasing this on a Friday. I do not
consider there to be an acceptable alternative. This issue, which is
known by the CVE ID of CVE-2012-5671, was found during internal code
review of an area of the Exim codebase relevant to another issue, DKIM
signing and verification, which has been the subject of US-CERT
VU#268267 and Common Weakness identifiers CWE-347 and CWE-326. As such,
I expect that this area of code in various MTAs will be studied by many
security conscious people around about now, so there is a significant
risk that someone unfriendly has also discovered this, concurrently to
our finding it. We discovered the issue on Wednesday, gave Thursday for
the OS packagers to get emergency packages prepared, and are releasing
on the next available work day.