X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/6545de78cb822ab5db97a2f16fe7a42cc9488bd8..b7487bcec431809cb7fc3c2b42fcd607e43d37e7:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ff375d398..b18bc053e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -32,6 +32,20 @@ PP/03 Report version information for many libraries, including
       version.h, now support a version extension string for distributors
       who patch heavily. Dynamic module ABI change.
 
+PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
+      privilege escalation vulnerability whereby the Exim run-time user
+      can cause root to append content of the attacker's choosing to
+      arbitrary files.
+
+PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
+      (Wolfgang Breyha)
+
+PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
+      If dropping privileges for untrusted macros, we disabled normal logging
+      on the basis that it would fail; for the Exim run-time user, this is not
+      the case, and it resulted in successful deliveries going unlogged.
+      Fixed.  Reported by Andreas Metzler.
+
 
 Exim version 4.73
 -----------------