From 87cb4a166c47b57df48c2918e47801d77639fbb0 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 16 Dec 2016 20:45:44 +0000 Subject: Fix DKIM information leakage --- doc/doc-docbook/spec.xfpt | 1 + doc/doc-txt/ChangeLog | 4 ++++ 2 files changed, 5 insertions(+) (limited to 'doc') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0598eccc8..5324be398 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -38273,6 +38273,7 @@ These options take (expandable) strings as arguments. MANDATORY: The domain you want to sign with. The result of this expanded option is put into the &%$dkim_domain%& expansion variable. +If it is empty after expansion, DKIM signing is not done. .option dkim_selector smtp string&!! unset MANDATORY: diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 156413fcd..926a36dc1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -143,6 +143,10 @@ HS/02 Bug 1802: Do not half-close the connection after sending a request HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2 fallback to "prime256v1". +JH/34 SECURITY: Use proper copy of DATA command in error message. + Could leak key material. Remotely explaoitable. CVE-2016-9963. + + Exim version 4.87 ----------------- JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16 -- cgit v1.2.3
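Review bot: In the doc/doc-docbook/spec.xfpt hunk, the new sentence under dkim_domain ("If it is empty after expansion, DKIM signing is not done.") documents the empty case for that option only. The dkim_selector option in the trailing context is also marked MANDATORY and gets no matching statement. If an empty dkim_selector is handled the same way, say so there as well. Because skipping the signature is silent from the recipient's point of view, it would also help to state whether the skip is logged, so an administrator whose expansion unexpectedly yields an empty string can tell that mail is leaving unsigned.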
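Review bot: In the doc/doc-txt/ChangeLog hunk, the JH/34 entry misspells "exploitable" as "explaoitable" and never mentions DKIM, although the commit subject is "Fix DKIM information leakage". An administrator searching the ChangeLog for DKIM will not find the entry for CVE-2016-9963. Suggest correcting the spelling and naming the feature and the kind of key material involved, for example "SECURITY: DKIM: Use proper copy of DATA command in error message." The entry would also be more useful for triage if it said where the error message ends up and which configurations are exposed. This diff is limited to 'doc', so none of that can be read from the lines shown here and the ChangeLog text is the only place a reader of this patch can get it.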