X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/173bd1c8f9cf83ad8c0e61a9e32678e7e371d41d..623f07cfdcaca96274ca765d0fcf0761bdf7151b:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index dbdc22117..015959cb6 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -8,9 +8,15 @@ Since Exim version 4.94
 
 JH/02 Bug 2587: Fix pam expansion condition.  Tainted values are commonly used
       as arguments, so an implementation trying to copy these into a local
-      buffer was taking a taint-enformance trap.  Fix by using dynamically
+      buffer was taking a taint-enforcement trap.  Fix by using dynamically
       created buffers.
 
+JH/03 Bug 2586: Fix listcount expansion operator.  Using tainted arguments is
+      reasonable, eg. to count headers.  Fix by using dynamically created
+      buffers rather than a local.  Do similar fixes for ACL actions "dcc",
+      "log_reject_target", "malware" and "spam"; the arguments are expanded
+      so could be handling tainted values.
+
 
 Exim version 4.94
 -----------------