From 3c90bbcdc7cf73298156f7bcd5f5e750e7814e72 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 9 Jul 2020 15:30:55 +0100
Subject: Fix taint trap in parse_fix_phrase().  Bug 2617

---
 doc/doc-txt/ChangeLog | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'doc/doc-txt')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 8d368c8f3..6d688d1b4 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -86,6 +86,12 @@ JH/17 Bug 2295: Fix DKIM signing to always semicolon-terminate.  Although the
       intended but triggered by a line-wrap alignement.  Discovery and fix by
       Guillaume Outters, hacked on by JH.
 
+JH/18 Bug 2617: Fix a taint trap in parse_fix_phrase().  Previously when the
+      name being quoted was tainted a trap would be taken.  Fix by using
+      dynamicaly created buffers.  The routine could have been called by a
+      rewrite with the "h" flag, by using the "-F" command-line option, or
+      by using a "name=" option on a control=submission ACL modifier.
+
 
 Exim version 4.94
 -----------------
-- 
cgit v1.2.3