From 129a5d133927ff8fa4b3f941f83c022d2daf18f3 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 29 Mar 2020 20:59:49 +0100
Subject: Dsearch: require absolute dirname

---
 doc/doc-txt/ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc/doc-txt/ChangeLog')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 7e5de8880..9de2e1194 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -93,6 +93,7 @@ JH/20 Taint checking: disallow use of tainted data for
       - the autoreply transport file, log and once options
       - file names used by the redirect router (including filter files)
       - named-queue names
+      - paths used by single-key lookups
       Previously this was permitted.
 
 JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it
@@ -159,6 +160,10 @@ JH/33 Fix the dsearch lookup to return an untainted result.  Previously the
 JH/34 Fix the readsocket expansion to not segfault when an empty "options"
       argument is supplied.
 
+JH/35 The dsearch lookup now requires that the directory is an absolute path.
+      Previously this was not checked, and nonempty relative paths made an
+      access under Exim's current working directory.
+
 
 Exim version 4.93
 -----------------
-- 
cgit v1.2.3