From 92b0827a90559a266bd00662d842b643ac8bdc81 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 22 Sep 2016 22:55:49 +0100 Subject: Defend against symlink attack by another process running as exim Reported-by: http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/ --- doc/doc-txt/ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index b920d92cc..28007d01f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -99,6 +99,11 @@ JH/26 Fix problem with one_time used on a redirect router which returned the delivered, so not attempt the (identical) child. As a result mail would be lost. +JH/27 Fix a possible security hole, wherein a process operating with the Exim + UID can gain a root shell. Credit to http://www.halfdog.net/ for + discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim + itself :( + Exim version 4.87 ----------------- -- cgit v1.2.3
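Review bot: The JH/27 entry added to doc/doc-txt/ChangeLog states the impact (a process operating with the Exim UID can gain a root shell) but not the mechanism or what was hardened, so someone reading only the ChangeLog cannot judge whether their deployment was exposed. The commit subject already describes it as a symlink attack by another process running as exim; consider carrying that wording into the entry, and citing the full writeup URL from the Reported-by line instead of only http://www.halfdog.net/. The trailing ":(" is a style point and reads better as a plain statement that no Exim bug was raised. This view is limited to 'doc', so the code change itself is not shown here and cannot be checked against the entry's description.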