summaryrefslogtreecommitdiff
AgeCommit message (Expand)Author
2021-06-04Testsuite: regen certificates suite with fixed Authority IdentifierJeremy Harris
2021-06-03DKIM: under GnuTLS, permit weak algorithmsJeremy Harris
2021-06-03Testsuite: use higher-spec certs, for more-recent GnuTLS versions which depre...Jeremy Harris
2021-05-28tidyingJeremy Harris
2021-05-28Update testcase output to match newly applied default config limitJeremy Harris
2021-05-28Fix testsuite output for DB casesJeremy Harris
2021-05-28tidyingJeremy Harris
2021-05-28Logging: avoid pause during log-open under testsuiteJeremy Harris
2021-05-28Fix dmarc buildJeremy Harris
2021-05-28Docs: enhance section on redirect router :defer: & :fail:Jeremy Harris
2021-05-27Merge branch 'qualys-2020'Heiko Schlittermann (HS12-RIPE)
2021-05-27Fix BDAT issue for body w/o trailing CRLF (again Bug 1974)Heiko Schlittermann (HS12-RIPE)
2021-05-27testsuite: reproduce BDAT with missing eol (Bug 1974)Heiko Schlittermann (HS12-RIPE)
2021-05-27Cleanup docs on cve-2020-qualys, point to the Exim websiteHeiko Schlittermann (HS12-RIPE)
2021-05-27rewrite: revert to unchecked result of parse_extract_address()Heiko Schlittermann (HS12-RIPE)
2021-05-27Honour the outcome of parse_extract_address(), testsuite 471Heiko Schlittermann (HS12-RIPE)
2021-05-27Update upgrade notes and source about use of seteuid()Heiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28007: Link attack in Exim's log directoryQualys Security Advisory
2021-05-27CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()Heiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Avoid modification of constant data in dkim handlingHeiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Leave a clean smtp_out input buffer even in case of read errorHeiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Always exit when LOG_PANIC_DIE is setQualys Security Advisory
2021-05-27CVE-2020-28012: Missing close-on-exec flag for privileged pipeQualys Security Advisory
2021-05-27CVE-2020-28024: Heap buffer underflow in smtp_ungetc()Qualys Security Advisory
2021-05-27CVE-2020-28009: Integer overflow in get_stdinput()Qualys Security Advisory
2021-05-27CVE-2020-28015+28021: New-line injection into spool header fileQualys Security Advisory
2021-05-27CVE-2020-28026: Line truncation and injection in spool_read_header()Heiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28022: Heap out-of-bounds read and write in extract_option()Heiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28017: Integer overflow in receive_add_recipient()Heiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Refuse negative and large store allocationsHeiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()Heiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28011: Heap buffer overflow in queue_run()Qualys Security Advisory
2021-05-27CVE-2020-28010: Heap out-of-bounds write in main()Heiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28018: Use-after-free in tls-openssl.cQualys Security Advisory
2021-05-27CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()Qualys Security Advisory
2021-05-27CVE-2020-28014, CVE-2021-27216: PID file handlingHeiko Schlittermann (HS12-RIPE)
2021-05-27Add priv.c: reworked version of priv dropping codeHeiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28008: Assorted attacks in Exim's spool directoryHeiko Schlittermann (HS12-RIPE)
2021-05-27CVE-2020-28019: Failure to reset function pointer after BDAT errorJeremy Harris
2021-05-27SECURITY: smtp_out: Leave a clean input buffer, even in case of read errorHeiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Avoid modification of constant dataHeiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Avoid memory corruption in dkim handlingHeiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Avoid decrement of dkim_collect_input if already at 0Heiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Check overrun rcpt_count integerHeiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Fix safeguard against upward traversal in msglog files.Heiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: Don't miss the very last byte when reading long lines from -HHeiko Schlittermann (HS12-RIPE)
2021-05-27SECURITY: off-by-one in smtp transport (read response)Heiko Schlittermann (HS12-RIPE)
2021-05-27Start documenting the things we changed incompatibly.Phil Pennock
2021-05-27Inline four often-called new functionsPhil Pennock
2021-05-27Fixes for compilationJeremy Harris
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-21 21:08:52 +0000