X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6d2c02560e5c0aa7cef83d02b26f193135b93e21..b9e0b12d9b665bbff996382264d4ba97d1a61efd:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index d492a62b7..8c5b7fd9c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -2,6 +2,24 @@ This document describes *changes* to previous versions, that might affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.96.1 +------------------- + +This is a security release. + +JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which + could be triggered by externally-supplied input. Found by Trend Micro. + CVE-2023-42115 + +JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could + be triggered by externally-controlled input. Found by Trend Micro. + CVE-2023-42116 + +JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could + be triggered by externally-controlled input. Found by Trend Micro. + CVE-2023-42114 + + Exim version 4.96 ----------------- @@ -70,8 +88,8 @@ JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon was touched. JH/16 Debugging initiated by an ACL control now continues through into routing - and transport processes, when delivery is immediate. Previously debugging - stopped any time Exim re-execs. + and transport processes. Previously debugging stopped any time Exim + re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. @@ -136,6 +154,21 @@ JH/30 Fix string_copyn() for limit greater than actual string length. overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. +JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection + close; it may be needed for a subsequent connection. This caused a + SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. + +JH/32 Fix CHUNKING for a second message on a connection when the first was + rejected. Previously we did not reset the chunking-offered state, and + erroneously rejected the BDAT command. Investigation help from + Jesse Hathaway. + +JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning + an empty address. Previously the expansion returned an error. + +HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending + proxy. Previously these were misparsed, leading to paniclog entries. + Exim version 4.95 -----------------