X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7be145827de6464f18601325df0091b7c7ab908e..6741531cf79cbd3b403b8a52ed07635fe543cd3a:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e0981f4eb..6dd768c8a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -5,8 +5,8 @@ affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 
-Exim version 4.91
------------------
+Since Exim version 4.90
+-----------------------
 
 JH/01 Replace the store_release() internal interface with store_newblock(),
       which internalises the check required to safely use the old one, plus
@@ -82,11 +82,22 @@ JH/15 Relax results from ACL control request to enable cutthrough, in
       ignoring.  This covers use with PRDR, frozen messages, queue-only and
       fake-reject.
 
+HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789)
+
 JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
       metadata, resulting in a crash in free().
 
-PP/01 Fix broken refactor of Heimdal GSSAPI authenticator init.
+PP/01 Fix broken Heimdal GSSAPI authenticator integration.
       Broken in f2ed27cf5, missing an equals sign for specified-initialisers.
+      Broken also in d185889f4, with init system revamp.
+
+JH/17 Bug 2113: Fix conversation closedown with the Avast malware scanner.
+      Previously we abruptly closed the connection after reading a malware-
+      found indication; now we go on to read the "scan ok" response line,
+      and send a quit.
+
+JH/18 Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail
+      ACL.  Previously, a crash would result.
 
 
 Exim version 4.90