Release notes for Exim 4.76 say:
Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to
a format-string attack -- SECURITY: remote arbitrary code
execution.
DKIM signature header parsing was double-expanded, second
time unintentionally subject to list matching rules, letting
the header cause arbitrary Exim lookups (of items which can
occur in lists, *not* arbitrary string expansion). This
allowed for information disclosure.
Also, impact assessment was redone shortly after the original
announcement:
Further analysis revealed that the second security was
more severe than I realised at the time that I wrote the
announcement. The second security issue has been assigned
CVE-2011-1407 and is also a remote code execution flaw.
For clarity: both issues were introduced with 4.70.
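
The bug class behind the first issue (a log line built from remote data and then used as a format string), shown beside its hardened form. This is an added example, not Exim's code and not part of the release notes; `log_line`, `build_msg`, both `log_dkim_*` functions and the sample values are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a mail server's log writer (not Exim's code). */
static char last_log[512];

/* The format attribute lets GCC/Clang check every caller's format argument
   (-Wformat -Wformat-security), which flags the unsafe call below at build time. */
__attribute__((format(printf, 1, 2)))
static int log_line(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
    return n;
}

/* Build the message from signature-header fields, which the sender controls. */
static void build_msg(char *out, size_t len, const char *domain, const char *status)
{
    snprintf(out, len, "DKIM: d=%s [%s]", domain, status);
}

/* VULNERABLE pattern: text containing remote data is passed as the format,
   so any conversion specifiers in the header are interpreted by the logger. */
static int log_dkim_unsafe(const char *domain, const char *status)
{
    char msg[256];
    build_msg(msg, sizeof msg, domain, status);
    return log_line(msg);
}

/* Hardened: constant format string, remote data only ever an argument. */
static int log_dkim_safe(const char *domain, const char *status)
{
    char msg[256];
    build_msg(msg, sizeof msg, domain, status);
    return log_line("%s", msg);
}

int main(void)
{
    log_dkim_safe("mail.example%s%x", "fail");   /* constructed header value */
    puts(last_log);                              /* specifiers logged verbatim */
    return 0;
}
```

Building with `-Wformat -Wformat-security` reports the call in `log_dkim_unsafe`; adding `-Werror=format-security` turns that report into a build failure.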