author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2021-03-25 22:48:09 +0100
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2021-05-27 21:30:43 +0200
commit: c7f4ea442a264b5cb3a9ef0eed641f4778dfb5b7 (patch)
tree: 2bdd021e3da3fb7792cab94d5c1587bc5e64cf4f /doc
parent: 84dcbc72b968ebc666387874171580463f1944dd (diff)
CVE-2020-28014, CVE-2021-27216: PID file handling
Arbitrary PID file creation, clobbering, and deletion.
Patch provided by Qualys.
(cherry picked from commit 974f32939a922512b27d9f0a8a1cb5dec60e7d37)
(cherry picked from commit 43c6f0b83200b7082353c50187ef75de3704580a)
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-txt/ChangeLog | 5
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 4debef807..adf43bc4b 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -296,9 +296,12 @@ PP/11 Fix security issue in BDAT state confusion.
HS/03 Die on "/../" in msglog file names
-QS/01 Creation of (database) files in $spool_dir: only uid=0 or the euid of
+QS/01 Creation of (database) files in $spool_dir: only uid=0 or the uid of
the Exim runtime user are allowed to create files.
+QS/02 PID file creation/deletion: only possible if uid=0 or uid is the Exim
+ runtime user.
+
Exim version 4.94
-----------------
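Review bot: The new QS/02 entry does not carry the CVE identifiers from the commit subject (CVE-2020-28014, CVE-2021-27216), so someone reading ChangeLog alone cannot map the entry to the advisories; consider appending them to the QS/02 text. Separately, the QS/01 line changes "euid" to "uid", which the commit message (PID file handling only) does not mention. Real and effective uid differ in a privileged binary, so either state in the message why the wording now refers to the uid, or move that correction into its own commit so the ChangeLog history stays traceable.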