Documentation/Tests for CVE-2014-2972 fix

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 606c8201f999d4683414c60d6fb0794c6d59e66d..61086c7e254ae90872eb640b6b8e21c4938b0b3b 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -135,6 +135,25 @@ JH/26 Port service names are now accepted for tls_on_connect_ports, to
 TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
       support and error reporting did not work properly.
 
+TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
+      and is readable.  Patch from Andrew Colin Kissa.
+
+TL/14 Enhance documentation of ${run expansion and how it parses the
+      commandline after expansion, particularly in the case when an
+      unquoted variable expansion results in an empty value.
+
+JH/27 The TLS SNI feature was broken in 4.82.  Fix it.
+
+PP/02 Fix internal collision of T_APL on systems which support RFC3123
+      by renaming away from it.  Addresses GH issue 15, reported by
+      Jasper Wallace.
+
+JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
+
+TL/15 SECURITY: prevent double expansion in math comparison functions
+      (can expand unsanitized data). Not remotely exploitable.
+      CVE-2014-2972
+
 
 Exim version 4.82
 -----------------
@@ -372,7 +391,7 @@ TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
 TL/12 Enhanced documentation in the ratelimit.pl script provided in
       the src/util/ subdirectory.
 
-TL/13 Bug 1301 - Imported transport SQL logging patch from Axel Rau
+TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
       renamed to Transport Post Delivery Action by Jeremy Harris, as
       EXPERIMENTAL_TPDA.