From 36771878fa93a04ecf5bdd71ad3c3c380a16aa03 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Thu, 29 Oct 2020 23:21:36 -0400 Subject: SECURITY: rework BDAT receive function handling (cherry picked from commit dd1b9b753bb7c42df2b8f48d726b82928b67940b) (cherry picked from commit 96fb195ebc2eb6790e6ad6dde46d478aee62198d) --- doc/doc-txt/ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'doc') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9837d6c0f..0e008c985 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -288,6 +288,12 @@ PP/09 Fix security issue with too many recipients on a message (to remove a PP/10 Fix security issue in SMTP verb option parsing Fixes CVE-2020-EXOPT reported by Qualys. +PP/11 Fix security issue in BDAT state confusion. + Ensure we reset known-good where we know we need to not be reading BDAT + data, as a general case fix, and move the places where we switch to BDAT + mode until after various protocol state checks. + Fixes CVE-2020-BDATA reported by Qualys. + Exim version 4.94 ----------------- -- cgit v1.2.3
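Review bot: In the new PP/11 entry, "reset known-good" has no object, so the ChangeLog never says what is being reset. The subject line points at the BDAT receive functions, so if that is what is meant, wording such as "Ensure we reset the receive functions to known-good values wherever we know we must not be reading BDAT data" would make the entry self-explanatory. The phrase "move the places where we switch to BDAT mode until after various protocol state checks" mixes "move" with "until"; "defer switching to BDAT mode until after the protocol state checks" says the same thing more directly. CVE-2020-BDATA, like CVE-2020-EXOPT in the PP/10 context line above, is a working name rather than a numeric CVE id, so a follow-up to substitute the assigned number would help anyone searching the ChangeLog by CVE. Only the doc/ part of the commit is shown here, so the entry is the sole description of the fix visible in this view, which makes the precise wording matter more.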