JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
dns_again_means_nonexist included an element causing a DNS lookup which
- iteslf returned DNS_AGAIN, unbounded recursion occurred. Possible results
+ itself returned DNS_AGAIN, unbounded recursion occurred. Possible results
included (though probably not limited to) a process crash from stack
memory limit, or from excessive open files. Replace this with a paniclog
whine (as this is likely a configuration error), and returning
or fakedefer. Previously the sender could discover that the message
had in fact been accepted.
+JH/38 Taint-track intermediate values from the peer in multi-stage authentation
+ sequences. Previously the input was not noted as being tainted; notably
+ this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
+ bad coding of authenticators.
+
+JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
+ and ${tr...}. Found and diagnosed by Heiko Schlichting.
+
+JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
+ could be triggered by externally-supplied input. Found by Trend Micro.
+ CVE-2023-42115
+
+JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42116
+
+JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42114
+
+JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
+ Make the rewrite never match and keep the logging. Trust the
+ admin to be using verify=header-syntax (to actually reject the message).
+
+JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
+ CVE-2023-42219
+
+HS/02 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
Exim version 4.96
-----------------
git://git.exim.org / exim.git / blobdiff