SECURITY: length limits on many cmdline options

We'll also now abort upon, rather than silently truncate, a driver name (router, transport, ACL, etc) encountered in the config which is longer than the 64-char limit. (cherry picked from commit ff8bef9ae2370db4a7873fe2ce573a607fe6999f) (cherry picked from commit a8bd24b96c2027fd839f95a9e6b3282453ae288e)
author: Phil Pennock <phil+git@pennock-tech.com> 2020-10-29 18:11:35 -0400
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2021-05-27 21:30:23 +0200
commit: c1fb74d63ecf0cd1501e53352419bfdfd154b7ea (patch)
tree: 29f09bbdc38c0f6d47d3551e8c1b4aa106d3d060 /doc/doc-txt
parent: 66c014bb0d4972b7d5915795dec376535089740c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 58ba70f02..4c6eb810e 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -263,6 +263,12 @@ PP/02 Bug 2643: Correct TLS DH constants.
       incorrect Diffie-Hellman constants in the Exim source.
       Reported by kylon94, code-gen tool fix by Simon Arlott.
 
+PP/03 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
+      better.  Reported by Qualys.
+
+PP/04 Impose security length checks on various command-line options.
+      Fixes CVE-2020-SPRSS reported by Qualys.
+
 
 Exim version 4.94
 -----------------
author	Phil Pennock <phil+git@pennock-tech.com>	2020-10-29 18:11:35 -0400
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2021-05-27 21:30:23 +0200
commit	c1fb74d63ecf0cd1501e53352419bfdfd154b7ea (patch)
tree	29f09bbdc38c0f6d47d3551e8c1b4aa106d3d060 /doc/doc-txt
parent	66c014bb0d4972b7d5915795dec376535089740c (diff)