Merge branch '4.next'

[users/heiko/exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 0ea49a280132de83a34d923389ad0c31deea3a03..d4b1820d5c3b87fefac4c54fa913e051e75c7afd 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -5,6 +5,14 @@ affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 

+Exim version 4.91
+-----------------
+
+JH/01 Replace the store_release() internal interface with store_newblock(),
+      which internalises the check required to safely use the old one, plus
+      the allocate and data copy operations duplicated in both (!) of the
+      extant use locations.
+

 Exim version 4.90
 -----------------
 
 Exim version 4.90
 -----------------
 


@@ -195,7 +203,16 @@ JH/33 Downgrade an unfound-list name (usually a typo in the config file) from
 
 JH/34 Bug 2199: Fix a use-after-free while reading smtp input for header lines.
       A crafted sequence of BDAT commands could result in in-use memory beeing
 
 JH/34 Bug 2199: Fix a use-after-free while reading smtp input for header lines.
       A crafted sequence of BDAT commands could result in in-use memory beeing

-      freed.
+      freed.  CVE-2017-16943.
+
+HS/03 Bug 2201: Fix checking for leading-dot on a line during headers reading
+      from SMTP input.  Previously it was always done; now only done for DATA
+      and not BDAT commands.  CVE-2017-16944.
+
+JH/35 Bug 2201: Flush received data in BDAT mode after detecting an error fatal
+      to the message (such as an overlong header line).  Previously this was
+      not done and we did not exit BDAT mode.  Followon from the previous item
+      though a different problem.

 
 
 Exim version 4.89
 
 
 Exim version 4.89