From c1d94452b1b7f3620ee3cc9aa197ad98821de79f Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Sat, 11 Dec 2010 13:44:55 +0000
Subject: Don't allow a configure file which is writeable by the Exim user or
 group

(Bug 1044, CVE-2010-4345)
---
 doc/doc-txt/ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'doc/doc-txt')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ccc5d79ad..99a6f176b 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -74,6 +74,10 @@ PP/20 Added a CONTRIBUTING file.  Fixed the documentation build to use http:
 DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
       access.
 
+DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
+      of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
+      configuration file which is writeable by the Exim user or group.
+
 
 Exim version 4.72
 -----------------
-- 
cgit v1.2.3