CVE-2020-28008: Assorted attacks in Exim's spool directory
diff --git
a/doc/doc-txt/ChangeLog
b/doc/doc-txt/ChangeLog
index 87f1952f5b56ef272be56b77f2fb21fbe4588fdb..636fdf71e058ba74fa1bf5eff7892f2343b6ea84 100644
(file)
--- a/
doc/doc-txt/ChangeLog
+++ b/
doc/doc-txt/ChangeLog
@@
-205,6
+205,11
@@
PP/11 Fix security issue in BDAT state confusion.
mode until after various protocol state checks.
Fixes CVE-2020-BDATA reported by Qualys.
mode until after various protocol state checks.
Fixes CVE-2020-BDATA reported by Qualys.
+HS/03 Die on "/../" in msglog file names
+
+QS/01 Creation of (database) files in $spool_dir: only uid=0 or the euid of
+ the Exim runtime user are allowed to create files.
+
Exim version 4.94
-----------------
Exim version 4.94
-----------------
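Review bot: the added HS/03 and QS/01 entries do not name the CVE they address, although the commit title is CVE-2020-28008 and the PP/11 entry directly above records both its CVE and the reporter. If both entries belong to this CVE, add a "Fixes CVE-2020-28008" line to each so the ChangeLog can be searched by CVE. In QS/01, "only uid=0 or the euid of the Exim runtime user are allowed" mixes uid and euid, so it is unclear whether the caller's real or effective uid is compared; say which one is checked. HS/03 states only that Exim dies on "/../" in msglog file names; a short clause on why (path traversal out of the spool directory, if that is the intent) would make the entry self-explanatory.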