-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.506 2007/05/08 13:08:22 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.510 2007/05/31 12:41:49 magnus Exp $
Change log file for Exim from version 4.21
-------------------------------------------
ordinary lsearch keys. However, making the change in all cases is
incompatible and would probably break a number of configurations.
+TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
+ version.
+
+MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
+ conversion specification without a maximum field width, thereby enabling
+ a rogue spamd server to cause a buffer overflow. While nobody in their
+ right mind would setup Exim to query an untrusted spamd server, an
+ attacker that gains access to a server running spamd could potentially
+ exploit this vulnerability to run arbitrary code as the Exim user.
+
+TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
+ $primary_hostname instead of what libspf2 thinks the hosts name is.
+
+MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
+ a directory entry by the name of the lookup key. Previously, if a
+ symlink pointed to a non-existing file or a file in a directory that
+ Exim lacked permissions to read, a lookup for a key matching that
+ symlink would fail. Now it is enough that a matching directory entry
+ exists, symlink or not. (Bugzilla 503.)
+
Exim version 4.67
-----------------
git://git.exim.org / exim.git / blobdiff