X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/2e30fa9d9b2353551db96aef5c770460f92e1515..93655c46a6d1c1931c50fe6e17fd711578d4f07e:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 157433630..6a8e4d1e1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.507 2007/05/11 08:50:42 tom Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.512 2007/06/14 14:18:19 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -28,6 +28,28 @@ PH/02 When an IPv6 address is converted to a string for single-key lookup TK/01 Change PRVS address formatting scheme to reflect latests BATV draft version. +MH/01 The "spam" ACL condition code contained a sscanf() call with a %s + conversion specification without a maximum field width, thereby enabling + a rogue spamd server to cause a buffer overflow. While nobody in their + right mind would setup Exim to query an untrusted spamd server, an + attacker that gains access to a server running spamd could potentially + exploit this vulnerability to run arbitrary code as the Exim user. + +TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use + $primary_hostname instead of what libspf2 thinks the hosts name is. + +MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for + a directory entry by the name of the lookup key. Previously, if a + symlink pointed to a non-existing file or a file in a directory that + Exim lacked permissions to read, a lookup for a key matching that + symlink would fail. Now it is enough that a matching directory entry + exists, symlink or not. (Bugzilla 503.) + +PH/03 The body_linecount and body_zerocount variables are now exported in the + local_scan API. + +PH/04 Added the $dnslist_matched variable. + Exim version 4.67 -----------------