[exim-cvs] ChangeLog updates for the security issues.

Góra strony
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Dla: exim-cvs
Temat: [exim-cvs] ChangeLog updates for the security issues.
Gitweb: http://git.exim.org/exim.git/commitdiff/6ea4a8515023997aeb674688d2247bbabfa58aa1
Commit:     6ea4a8515023997aeb674688d2247bbabfa58aa1
Parent:     053a9aa35c76fe12f456b508fc9d96aa9a78e6c5
Author:     Phil Pennock <pdp@???>
AuthorDate: Sun May 8 23:00:17 2011 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Sun May 8 23:00:17 2011 -0400


    ChangeLog updates for the security issues.
---
 doc/doc-txt/ChangeLog |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index b30b6ab..5922770 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -31,7 +31,15 @@ PP/08 Condition negation of bool{}/bool_lax{} did not negate.  Fixed.
       Bugzilla 1104.


 TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
-      format-string attack.
+      format-string attack -- SECURITY: remote arbitrary code execution.
+
+TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
+      time unintentionally subject to list matching rules, letting the header
+      cause arbitrary Exim lookups (of items which can occur in lists, *not*
+      arbitrary string expansion). This allowed for information disclosure.
+
+PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
+      INT_MIN/-1 -- value coerced to INT_MAX.



Exim version 4.75