Add details for CVE-2016-9963

[exim-website.git] / templates / static / doc / CVE-2016-1531.txt

diff --git a/templates/static/doc/CVE-2016-1531.txt b/templates/static/doc/CVE-2016-1531.txt
index a95875e7950944e5b546eb83f86e50fea0c2b921..7a2bf41a37ca51f63a50a782abefc29c6bd15de5 100644 (file)
--- a/templates/static/doc/CVE-2016-1531.txt
+++ b/templates/static/doc/CVE-2016-1531.txt
@@ -6,6 +6,20 @@ vulnerable to a local privilege escalation. Any user who can start an
 instance of Exim (and this is normally *any* user) can gain root
 privileges.
 
+The official fix is in Exim release 4.86.2. (tagged as exim-4_86_2)
+
+For your convenience we released 4.85.2            (tagged as exim-4_85_2)
+                                 4.84.2            (tagged as exim-4_84_2)
+
+To support package maintainers on older systems we maintain (on a best
+effort basis) GIT branches with backported patches for older releases:
+
+                                exim-4_80_1+CVE-2016-1531
+                                exim-4_82_1+CVE-2016-1531
+
+(We didn't assign GIT tags, to indicate that's nothing real official.)
+
+
 New options
 -----------
 
@@ -38,8 +52,8 @@ To add (or override) variables, you can use add_environment:
 New behaviour
 -------------
 
-Now Exim changes it's working directory to / right after startup,
-even before reading it's configuration. (Later Exim changes it's working
+Now Exim changes its working directory to / right after startup,
+even before reading its configuration. (Later Exim changes its working
 directory to $spool_directory, as usual.)
 
 Exim only accepts an absolute configuration file path now, when using