git://git.exim.org / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CVE-2020-28014, CVE-2021-27216: PID file handling
[exim.git] / doc / doc-txt / ChangeLog
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 98c1b05e26929715ccf60c5028e883b554888ac2..e2843e3b669e59617f9853f8c44c011d2a665734 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -207,6 +207,12 @@ PP/11 Fix security issue in BDAT state confusion.
 
 HS/03 Die on "/../" in msglog file names
 
+QS/01 Creation of (database) files in $spool_dir: only uid=0 or the uid of
+      the Exim runtime user are allowed to create files.
+
+QS/02 PID file creation/deletion: only possible if uid=0 or uid is the Exim
+      runtime user.
+
 
 Exim version 4.94
 -----------------
Master Exim source repository