git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
CVE-2020-28008: Assorted attacks in Exim's spool directory
[exim.git]
/
doc
/
doc-txt
/
ChangeLog
diff --git
a/doc/doc-txt/ChangeLog
b/doc/doc-txt/ChangeLog
index 313dcbf7ebee35de13df3042095ddbe1dacbd171..4debef807fddd0a71d7c30f05de7c822f2bffe42 100644
(file)
--- a/
doc/doc-txt/ChangeLog
+++ b/
doc/doc-txt/ChangeLog
@@
-296,6
+296,9
@@
PP/11 Fix security issue in BDAT state confusion.
HS/03 Die on "/../" in msglog file names
+QS/01 Creation of (database) files in $spool_dir: only uid=0 or the euid of
+ the Exim runtime user are allowed to create files.
+
Exim version 4.94
-----------------
git://git.exim.org / exim.git / blobdiff