From c7f4ea442a264b5cb3a9ef0eed641f4778dfb5b7 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Thu, 25 Mar 2021 22:48:09 +0100 Subject: CVE-2020-28014, CVE-2021-27216: PID file handling Arbitrary PID file creation, clobbering, and deletion. Patch provided by Qualys. (cherry picked from commit 974f32939a922512b27d9f0a8a1cb5dec60e7d37) (cherry picked from commit 43c6f0b83200b7082353c50187ef75de3704580a) --- doc/doc-txt/ChangeLog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 4debef807..adf43bc4b 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -296,9 +296,12 @@ PP/11 Fix security issue in BDAT state confusion. HS/03 Die on "/../" in msglog file names -QS/01 Creation of (database) files in $spool_dir: only uid=0 or the euid of +QS/01 Creation of (database) files in $spool_dir: only uid=0 or the uid of the Exim runtime user are allowed to create files. +QS/02 PID file creation/deletion: only possible if uid=0 or uid is the Exim + runtime user. + Exim version 4.94 ----------------- -- cgit v1.2.3
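Review bot: The QS/01 line changes "euid" to "uid" with no mention in the commit message, whose subject covers only PID file handling, and the result no longer says whether the real or the effective uid is checked. The two can differ in a setuid program, so this matters to anyone reading the ChangeLog to understand the restriction. The new QS/02 entry has the same ambiguity ("only possible if uid=0 or uid is the Exim runtime user"). Suggest stating "real uid" or "effective uid" explicitly in both entries, and citing CVE-2020-28014 and CVE-2021-27216 in QS/02 so the entry can be matched to the identifiers in the subject line.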