X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/955f1203c15be96fa84b5331fa2a5cb2e556b9a9..f6b1f8e7d642f82d830a71b78699a4349e0158e1:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2f7135909..f7ab3c005 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -2,6 +2,35 @@ This document describes *changes* to previous versions, that might
 affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
+Exim version 4.96.1
+-------------------
+
+This is a security release.
+
+JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
+      could be triggered by externally-supplied input.  Found by Trend Micro.
+      CVE-2023-42115
+
+JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
+      be triggered by externally-controlled input.  Found by Trend Micro.
+      CVE-2023-42116
+
+JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
+      be triggered by externally-controlled input.  Found by Trend Micro.
+      CVE-2023-42114
+
+
+JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
+      Make the rewrite never match and keep the logging.  Trust the
+      admin to be using verify=header-syntax (to actually reject the message).
+
+
+Exim version 4.next
+-------------------
+
+HS/01 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
+
+
 Exim version 4.97
 -----------------
 
@@ -193,8 +222,11 @@ JH/38 Taint-track intermediate values from the peer in multi-stage authentation
 JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
       and ${tr...}.  Found and diagnosed by Heiko Schlichting.
 
-JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
-      could be triggered by externally-supplied input.  Found by Trend Micro.
+JH/40 Support list of dkim results in the dkim_status ACL condition, making
+      it more usable in the data ACL.
+
+JH/43 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
+      CVE-2023-42219
 
 
 Exim version 4.96