DKIM: enforce limit of 20 on received DKIM-Signature: headers. Bug 2269

author: Jeremy Harris <jgh146exb@wizmail.org> 2018-04-23 11:26:52 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2018-04-23 11:38:59 +0100
commit: 64b67b658a37dd780cc1b2fd0ef87febe461a0ba (patch)
tree: 5b87a30f0cb6e0641b57fe18209f711807784a13 /doc
parent: bdf9ce828c5e29351eabbd29c88c459522811b67 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index bceb22cc3..3e19066a9 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -12,7 +12,11 @@ JH/01 Remove code calling the customisable local_scan function, unless a new
       definition "HAVE_LOCAL_SCAN=yes" is present in the Local/Makefile.
 
 JH/02 Bug 1007: Avoid doing logging from signal-handlers, as that can result in
-      non-signal-safe funxtions being used.
+      non-signal-safe functions being used.
+
+JH/03 Bug 2269: When presented with a received message having a stupidly large
+      number of DKIM-Signature headers, disable DKIM verification to avoid
+      a resource-consumption attack.  The limit is set at twenty.
 
 
 Exim version 4.91
author	Jeremy Harris <jgh146exb@wizmail.org>	2018-04-23 11:26:52 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2018-04-23 11:38:59 +0100
commit	64b67b658a37dd780cc1b2fd0ef87febe461a0ba (patch)
tree	5b87a30f0cb6e0641b57fe18209f711807784a13 /doc
parent	bdf9ce828c5e29351eabbd29c88c459522811b67 (diff)