From 0de7239e563eff6e83c3e72d7deb9fd26a54a3a7 Mon Sep 17 00:00:00 2001
From: Todd Lyons <tlyons@exim.org>
Date: Fri, 18 Jul 2014 11:42:08 -0700
Subject: Documentation/Tests for CVE-2014-2972 fix

---
 doc/doc-txt/ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'doc/doc-txt/ChangeLog')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 770b106a5..61086c7e2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -150,6 +150,10 @@ PP/02 Fix internal collision of T_APL on systems which support RFC3123
 
 JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
 
+TL/15 SECURITY: prevent double expansion in math comparison functions
+      (can expand unsanitized data). Not remotely exploitable.
+      CVE-2014-2972
+
 
 Exim version 4.82
 -----------------
-- 
cgit v1.2.3