upd: 4.96.2 mention fixes

diff --git a/templates/static/doc/security/CVE-2023-zdi.txt b/templates/static/doc/security/CVE-2023-zdi.txt
index 3b45efd74aef496f368e82dcd8bd5245a936fd3e..b56fc5e5ec163682a93dcedee7f02bbe49fc9994 100644 (file)
--- a/templates/static/doc/security/CVE-2023-zdi.txt
+++ b/templates/static/doc/security/CVE-2023-zdi.txt
@@ -11,14 +11,14 @@ on or off.
 
 * One issue is related to data received from a proxy-protocol proxy. If
   you do not use a proxy in front of Exim, you're not affected. If your
-  proxy is trustworthy, you're not affected. We're working on a fix.
+  proxy is trustworthy, you're not affected. This issue is fixed.
 
 * One is related to libspf2. If you do not use the `spf` lookup type or
   the `spf` ACL condition, you are not affected.
 
 * The last one is related to DNS lookups. If you use a trustworthy
   resolver (which does validation of the data it receives), you're not
-  affected. We're working on a fix.
+  affected. This issue is fixed.
 
 Timeline
 --------
@@ -27,20 +27,17 @@ Timeline
   - A security release exim-4.96.1 is published.
   - The major distributions follow.
 
-More patches will follow (coordinated with the major distros) as soon as
-they're available.
+- 2023-10-15 15:45 UTC
+  - Security release exim-4.96.2 is published (sources only)
+  - Distros will follow.
 
 Distribution points:
 --------------------
 - git://git.exim.org
-  branches:
-  - spa-auth-fixes (based on the current master) [commit IDs: 7bb5bc2c6 0519dcfb5 e17b8b0f1 04107e98d]
-  - exim-4.96+security (based on exim-4.96) [gpg signed]
-  - exim-4.96.1+fixes (based on exim-4.96.1 with the fixes from exim-4.96+fixes) [gpg signed]
-  tags:
-  - exim-4.96.1 [gpg signed]
+  - tag exim-4.96.2 (based on exim-4.96) [gpg signed]
+  - branch exim-4.96.2+fixes (based on exim-4.96.2 with the fixes from exim-4.96+fixes) [gpg signed]
 
-- tarballs for exim-4.96.1: https://ftp.exim.org/pub/exim/exim4/ [gpg signed]
+- tarballs for exim-4.96.2: https://ftp.exim.org/pub/exim/exim4/ [gpg signed]
 
 GPG signatures are made by me (hs@schlittermann.de, or Jeremy Harris
 jgh@wizmail.org).
@@ -55,7 +52,7 @@ Subject:    NTLM Challenge Out-Of-Bounds Read
 CVSS Score: 3.7
 Mitigation: Do not use SPA (NTLM) authentication
 Subsystem:  SPA auth
-Fixed:      04107e98d, 4.96.1, 4.97
+Fixed:      04107e98d, >= 4.96.1, 4.97
 
 ZDI-23-1469 | ZDI-CAN-17434 | CVE-2023-42115 | Exim bug 2999
 ------------------------------------------------------------
@@ -63,7 +60,7 @@ Subject:    AUTH Out-Of-Bounds Write
 CVSS Score: 9.8
 Mitigation: Do not offer EXTERNAL authentication.
 Subsystem:  EXTERNAL auth
-Fixed:      7bb5bc2c6, 4.96.1, 4.97
+Fixed:      7bb5bc2c6, >= 4.96.1, 4.97
 
 ZDI-23-1470 | ZDI-CAN-17515 | CVE-2023-42116 | Exim bug 3000
 ------------------------------------------------------------
@@ -71,7 +68,7 @@ Subject:    SMTP Challenge Stack-based Buffer Overflow
 CVSS Score: 8.1
 Mitigation: Do not use SPA (NTLM) authentication
 Subsystem:  SPA auth
-Fixed:      e17b8b0f1, 4.96.1, 4.97
+Fixed:      e17b8b0f1, >= 4.96.1, 4.97
 
 ZDI-23-1471 | ZDI-CAN-17554 | CVE-2023-42117 | Exim Bug 3031
 -------------------------------------------------------------
@@ -79,7 +76,7 @@ Subject:    Improper Neutralization of Special Elements
 CVSS Score: 8.1
 Mitigation: Do not use Exim behind an untrusted proxy-protocol proxy
 Subsystem:  proxy protocol (not socks!)
-Fix:        not yet
+Fix:        a355463cf, >= 4.96.2, 4.97
 
 ZDI-23-1472 | ZDI-CAN-17578 | CVE-2023-42118 | Exim Bug 3032
 ------------------------------------------------------------
@@ -97,6 +94,4 @@ CVSS Score: 3.1
 Mitigation: Use a trustworthy DNS resolver which is able to
             validate the data according to the DNS record types.
 Subsystem:  dns lookups
-Fix:        not yet
-Remark:     It is still under consideration.
-
+Fix:        f6b1f8e7d, >= 4.96.2, 4.97