Fix base64d() buffer size (CVE-2018-6789)

Credits for discovering this bug: Meh Chang <meh@devco.re> (cherry picked from commit 062990cc1b2f9e5d82a413b53c8f0569075de700)
author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2018-02-05 22:23:32 +0100
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2018-02-10 21:55:13 +0100
commit: cf3cd306062a08969c41a1cdd32c6855f1abecf1 (patch)
tree: 3de2ffd314a4419b2516348b88eaadf875584f75 /doc
parent: 38e3d2dff7982736f1e6833e06d4aab4652f337a (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1ee00168f..8ae418ab1 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -5,8 +5,8 @@ affect Exim's operation, with an unchanged configuration file.  For new
 options, and new features, see the NewStuff file next to this ChangeLog.
 
 
-Exim version 4.91
------------------
+Since Exim version 4.90
+-----------------------
 
 JH/01 Replace the store_release() internal interface with store_newblock(),
       which internalises the check required to safely use the old one, plus
@@ -82,6 +82,8 @@ JH/15 Relax results from ACL control request to enable cutthrough, in
       ignoring.  This covers use with PRDR, frozen messages, queue-only and
       fake-reject.
 
+HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789)
+
 JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
       metadata, resulting in a crash in free().
author	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2018-02-05 22:23:32 +0100
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2018-02-10 21:55:13 +0100
commit	cf3cd306062a08969c41a1cdd32c6855f1abecf1 (patch)
tree	3de2ffd314a4419b2516348b88eaadf875584f75 /doc
parent	38e3d2dff7982736f1e6833e06d4aab4652f337a (diff)