SECURITY: fix SMTP verb option parsing

A boundary case in looking for an opening quote before the closing quote could walk off the front of the buffer. (cherry picked from commit 515d8d43a18481d23d7cf410b8dc71b4e254ebb8) (cherry picked from commit 467948de0c407bd2bbc2e84abbbf09f35b035538)
author: Phil Pennock <phil+git@pennock-tech.com> 2020-10-29 22:40:59 -0400
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2021-05-27 21:30:30 +0200
commit: 518f0a0dd6df6f0d0ea51bfa126982d134e7a7ff (patch)
tree: 0b32bf62a154a2f8c036313e630089a939f4ded0 /doc
parent: 0695aae1eb75b439862d0f7fbf099b5d08f55af0 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3d0e638d2..9837d6c0f 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -285,6 +285,9 @@ PP/09 Fix security issue with too many recipients on a message (to remove a
       or if local additions add to the recipient list).
       Fixes CVE-2020-RCPTL reported by Qualys.
 
+PP/10 Fix security issue in SMTP verb option parsing
+      Fixes CVE-2020-EXOPT reported by Qualys.
+
 
 Exim version 4.94
 -----------------
author	Phil Pennock <phil+git@pennock-tech.com>	2020-10-29 22:40:59 -0400
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2021-05-27 21:30:30 +0200
commit	518f0a0dd6df6f0d0ea51bfa126982d134e7a7ff (patch)
tree	0b32bf62a154a2f8c036313e630089a939f4ded0 /doc
parent	0695aae1eb75b439862d0f7fbf099b5d08f55af0 (diff)