X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/36bc854c86908ee921225c1d30e35c4d59eed822..0d82dc37b36017c11fd37936bd76cfeea9516e2d:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index aa1db1dfe..4306cabc0 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -88,7 +88,7 @@ JH/18 Fix a fencepost error in logging.  Previously (since 4.92) when a log line
 
 JH/19 Bug 2911: Fix a recursion in DNS lookups.  Previously, if the main option
       dns_again_means_nonexist included an element causing a DNS lookup which
-      iteslf returned DNS_AGAIN, unbounded recursion occurred.  Possible results
+      itself returned DNS_AGAIN, unbounded recursion occurred.  Possible results
       included (though probably not limited to) a process crash from stack
       memory limit, or from excessive open files.  Replace this with a paniclog
       whine (as this is likely a configuration error), and returning
@@ -170,8 +170,8 @@ JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
 JH/32 Fix "tls_dhparam = none" under GnuTLS.  At least with 3.7.9 this gave
       a null-indirection SIGSEGV for the receive process.
 
-JH/33 Fix free for live variable $value created by a ${run ...} expansion.
-      Although not seen, this could have resulted in a SIGSEGV.
+JH/33 Fix free for live variable $value created by a ${run ...} expansion during
+      -bh use.  Internal checking would spot this and take a panic.
 
 JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
       In 4.96 this would expand to empty.
@@ -179,6 +179,40 @@ JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
 JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
       certificate.  Find and fix by Andreas Metzler.
 
+JH/36 Add ARC info to DMARC hostory records.
+
+JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
+      or fakedefer.  Previously the sender could discover that the message
+      had in fact been accepted.
+
+JH/38 Taint-track intermediate values from the peer in multi-stage authentation
+      sequences.  Previously the input was not noted as being tainted; notably
+      this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
+      bad coding of authenticators.
+
+JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
+      and ${tr...}.  Found and diagnosed by Heiko Schlichting.
+
+JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
+      could be triggered by externally-supplied input.  Found by Trend Micro.
+      CVE-2023-42115
+
+JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
+      be triggered by externally-controlled input.  Found by Trend Micro.
+      CVE-2023-42116
+
+JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
+      be triggered by externally-controlled input.  Found by Trend Micro.
+      CVE-2023-42114
+
+JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
+      Make the rewrite never match and keep the logging.  Trust the
+      admin to be using verify=header-syntax (to actually reject the message).
+
+JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
+      CVE-2023-42219
+
+HS/02 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
 
 Exim version 4.96
 -----------------