git://git.exim.org / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Defend against symlink attack by another process running as exim
[exim.git] / doc / doc-txt / ChangeLog
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index f2000b5d4498eb4ff7d88e874fee782ff2674eb1..28007d01f48dd57b2a8a291fd148fc8364c524ab 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -94,6 +94,16 @@ JH/25 Decoding ACL controls is now done using a binary search; the sourcecode
       takes up less space and should be simpler to maintain.  Merge the ACL
       condition decode tables also, with similar effect.
 
+JH/26 Fix problem with one_time used on a redirect router which returned the
+      parent address unchanged.  A retry would see the parent address marked as
+      delivered, so not attempt the (identical) child.  As a result mail would
+      be lost.
+
+JH/27 Fix a possible security hole, wherein a process operating with the Exim
+      UID can gain a root shell.  Credit to http://www.halfdog.net/ for
+      discovery and writeup.  Ubuntu bug 1580454; no bug raised against Exim
+      itself :(
+
 
 Exim version 4.87
 -----------------
Master Exim source repository