git://git.exim.org / users / heiko / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Taint: fix multiple ACL actions to properly manage tainted argument data
[users/heiko/exim.git] / doc / doc-txt / ChangeLog
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 94bcea29bdff9713a81cba2bf4e8fa406c6fb4bb..015959cb6ff93154ea58fc0db9977058df972425 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -8,12 +8,14 @@ Since Exim version 4.94
 
 JH/02 Bug 2587: Fix pam expansion condition.  Tainted values are commonly used
       as arguments, so an implementation trying to copy these into a local
-      buffer was taking a taint-enformance trap.  Fix by using dynamically
+      buffer was taking a taint-enforcement trap.  Fix by using dynamically
       created buffers.
 
 JH/03 Bug 2586: Fix listcount expansion operator.  Using tainted arguments is
       reasonable, eg. to count headers.  Fix by using dynamically created
-      buffers rather than a local,
+      buffers rather than a local.  Do similar fixes for ACL actions "dcc",
+      "log_reject_target", "malware" and "spam"; the arguments are expanded
+      so could be handling tainted values.
 
 
 Exim version 4.94
Unnamed repository; edit this file 'description' to name the repository.