affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
-Exim version 4.96.1
--------------------
-
-This is a security release.
-
-JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
- could be triggered by externally-supplied input. Found by Trend Micro.
- CVE-2023-42115
-
-JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
- be triggered by externally-controlled input. Found by Trend Micro.
- CVE-2023-42116
-
-JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
- be triggered by externally-controlled input. Found by Trend Micro.
- CVE-2023-42114
-
+Exim version 4.98
+-----------------
-JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
- Make the rewrite never match and keep the logging. Trust the
- admin to be using verify=header-syntax (to actually reject the message).
+JH/01 Support list of dkim results in the dkim_status ACL condition, making
+ it more usable in the data ACL.
+JH/02 Bug 3040: Handle error on close of the spool data file during reception.
+ Previously This was only logged, on the assumption that errors would be
+ seen for a previous fflush(). However, a fuse filesystem has been
+ reported as showing this an error for the fclose(). The spool is now in
+ an uncertain state, and we have logged and responded acceptance. Change
+ this to respond with a temp-reject, wipe spoolfiles, and log the error
+ detail.
-Exim version 4.next
--------------------
+JH/03 Bug 3030: Fix handling of DNS servfail respons for DANE TLSA. When hit
+ during a recipient verify callout, a QUIT command was attempted on the
+ now-closed callout channel, causing a paniclog entry.
-HS/01 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
+JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with
+ a connection_reject log_selector, under tls_on_connect. Previously
+ with this combination, when the connect ACL rejected, a spurious
+ paniclog entry was made.
Exim version 4.97
JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
dns_again_means_nonexist included an element causing a DNS lookup which
- iteslf returned DNS_AGAIN, unbounded recursion occurred. Possible results
+ itself returned DNS_AGAIN, unbounded recursion occurred. Possible results
included (though probably not limited to) a process crash from stack
memory limit, or from excessive open files. Replace this with a paniclog
whine (as this is likely a configuration error), and returning
JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
and ${tr...}. Found and diagnosed by Heiko Schlichting.
-JH/40 Support list of dkim results in the dkim_status ACL condition, making
- it more usable in the data ACL.
+JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
+ could be triggered by externally-supplied input. Found by Trend Micro.
+ CVE-2023-42115
+
+JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42116
-JH/43 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
+JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42114
+
+JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
+ Make the rewrite never match and keep the logging. Trust the
+ admin to be using verify=header-syntax (to actually reject the message).
+
+JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
CVE-2023-42219
+HS/02 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
+
Exim version 4.96
-----------------
-JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from
+JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
after reception to before a subsequent reception. This should
mean slightly faster delivery, and also confirmation of reception
to senders.
git://git.exim.org / exim.git / blobdiff