Documentation/Tests for CVE-2014-2972 fixexim-4_83

author: Todd Lyons <tlyons@exim.org> 2014-07-18 11:42:08 -0700
committer: Todd Lyons <tlyons@exim.org> 2014-07-21 07:28:07 -0700
commit: 0de7239e563eff6e83c3e72d7deb9fd26a54a3a7 (patch)
tree: 12c6d4be2fe5533782197ff8124530f8113cfc0c /doc/doc-txt/ChangeLog
parent: 7685ce68148a083d7759e78d01aa5198fc099c44 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 770b106a5..61086c7e2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -150,6 +150,10 @@ PP/02 Fix internal collision of T_APL on systems which support RFC3123
 
 JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
 
+TL/15 SECURITY: prevent double expansion in math comparison functions
+      (can expand unsanitized data). Not remotely exploitable.
+      CVE-2014-2972
+
 
 Exim version 4.82
 -----------------
author	Todd Lyons <tlyons@exim.org>	2014-07-18 11:42:08 -0700
committer	Todd Lyons <tlyons@exim.org>	2014-07-21 07:28:07 -0700
commit	0de7239e563eff6e83c3e72d7deb9fd26a54a3a7 (patch)
tree	12c6d4be2fe5533782197ff8124530f8113cfc0c /doc/doc-txt/ChangeLog
parent	7685ce68148a083d7759e78d01aa5198fc099c44 (diff)