From 57aa14b216432be381b6295c312065b2fd034f86 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Tue, 5 May 2020 21:02:14 +0100
Subject: Fix SPA authenticator, checking client-supplied data before using it.
  Bug 2571

---
 doc/doc-txt/ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1d685a130..6109a14dd 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -184,6 +184,11 @@ JH/40 Fix a memory-handling bug: when a connection carried multiple messages
       stale data could be accessed.  Ensure that variable references are
       dropped between messages.
 
+JH/41 Bug 2571: Fix SPA authenticator.  Running as a server, an offset supplied
+      by the client was not checked as pointing within response data before
+      being used.  A malicious client could thus cause an out-of-bounds read and
+      possibly gain authentication.  Fix by adding the check.
+
 
 Exim version 4.93
 -----------------
-- 
cgit v1.2.3