From 4e7ee01264c430b044fd81cbc79a09ee0348d018 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Thu, 24 Mar 2011 04:40:33 -0400 Subject: Also memset(.., 0, ..) the pre-TLS input buffer. --- doc/doc-txt/ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'doc/doc-txt') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 37c7f216f..ce78086a6 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -18,7 +18,8 @@ PP/04 New "dns_use_edns0" global option. PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid. Bugzilla 1098. -PP/06 Extra paranoia around STARTTLS-with-data-in-buffer. +PP/06 Extra paranoia around buffer usage at the STARTTLS transition. + nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 Exim version 4.75 -- cgit v1.2.3