git://git.exim.org / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Defend against symlink attack by another process running as exim
[exim.git] / doc / doc-txt / ChangeLog
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index b920d92cc5c7769d8556094e3e21a0a070aae415..28007d01f48dd57b2a8a291fd148fc8364c524ab 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -99,6 +99,11 @@ JH/26 Fix problem with one_time used on a redirect router which returned the
       delivered, so not attempt the (identical) child.  As a result mail would
       be lost.
 
+JH/27 Fix a possible security hole, wherein a process operating with the Exim
+      UID can gain a root shell.  Credit to http://www.halfdog.net/ for
+      discovery and writeup.  Ubuntu bug 1580454; no bug raised against Exim
+      itself :(
+
 
 Exim version 4.87
 -----------------
Master Exim source repository