From 4263f395efd136dece52d765dfcff3c96f17506e Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Wed, 24 Oct 2012 23:26:29 -0400 Subject: SECURITY: DKIM DNS buffer overflow protection CVE-2012-5671 malloc/heap overflow, with a 60kB window of overwrite. Requires DNS under control of person sending email, leaves plenty of evidence, but is very likely exploitable on OSes that have not been well hardened. --- doc/doc-txt/ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc/doc-txt') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6c0554b5a..bc2fbc671 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,6 +1,14 @@ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.80.1 +------------------- + +PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + This, or similar/improved, will also be change PP/11 of 4.81. + + Exim version 4.80 ----------------- -- cgit v1.2.3