summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* Fix tainted message for fakerejectexim-4.94+fixesJeremy Harris2021-07-102-1/+7
* Named Queues: fix immediate-delivery. Bug 2743Jeremy Harris2021-05-125-2/+21
* Merge branch 'exim-4.94+fixes' of ssh://git.exim.org/home/git/exim into exim-...Heiko Schlittermann (HS12-RIPE)2021-05-094-4/+7
|\
| * Fix ${ipv6norm:}Jeremy Harris2021-05-044-4/+7
* | Cleanup docs on cve-2020-qualys, point to the Exim websiteexim-4.94.1Heiko Schlittermann (HS12-RIPE)2021-04-281-0/+2
* | rewrite: revert to unchecked result of parse_extract_address()Heiko Schlittermann (HS12-RIPE)2021-04-281-1/+17
* | Honour the outcome of parse_extract_address(), testsuite 471Heiko Schlittermann (HS12-RIPE)2021-04-286-16/+111
* | CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()Qualys Security Advisory2021-04-283-3/+5
* | Remove merge artifactHeiko Schlittermann (HS12-RIPE)2021-04-281-1/+0
* | Update upgrade notes and source about use of seteuid()Heiko Schlittermann (HS12-RIPE)2021-04-282-10/+14
* | CVE-2020-28007: Link attack in Exim's log directoryQualys Security Advisory2021-04-285-182/+234
* | CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()Heiko Schlittermann (HS12-RIPE)2021-04-281-3/+3
* | SECURITY: Avoid modification of constant data in dkim handlingHeiko Schlittermann (HS12-RIPE)2021-04-281-5/+5
* | SECURITY: Leave a clean smtp_out input buffer even in case of read errorHeiko Schlittermann (HS12-RIPE)2021-04-281-1/+2
* | SECURITY: Always exit when LOG_PANIC_DIE is setQualys Security Advisory2021-04-282-0/+5
* | CVE-2020-28012: Missing close-on-exec flag for privileged pipeQualys Security Advisory2021-04-282-0/+8
* | CVE-2020-28024: Heap buffer underflow in smtp_ungetc()Qualys Security Advisory2021-04-282-0/+6
* | CVE-2020-28009: Integer overflow in get_stdinput()Qualys Security Advisory2021-04-281-1/+18
* | CVE-2020-28015+28021: New-line injection into spool header fileQualys Security Advisory2021-04-281-5/+18
* | CVE-2020-28026: Line truncation and injection in spool_read_header()Heiko Schlittermann (HS12-RIPE)2021-04-281-16/+32
* | CVE-2020-28022: Heap out-of-bounds read and write in extract_option()Heiko Schlittermann (HS12-RIPE)2021-04-281-9/+14
* | CVE-2020-28017: Integer overflow in receive_add_recipient()Heiko Schlittermann (HS12-RIPE)2021-04-281-6/+6
* | SECURITY: Refuse negative and large store allocationsHeiko Schlittermann (HS12-RIPE)2021-04-281-6/+12
* | CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()Heiko Schlittermann (HS12-RIPE)2021-04-281-6/+1
* | CVE-2020-28011: Heap buffer overflow in queue_run()Qualys Security Advisory2021-04-281-4/+10
* | CVE-2020-28010: Heap out-of-bounds write in main()Heiko Schlittermann (HS12-RIPE)2021-04-281-6/+3
* | CVE-2020-28018: Use-after-free in tls-openssl.cQualys Security Advisory2021-04-281-4/+0
* | CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()Qualys Security Advisory2021-04-281-1/+1
* | CVE-2020-28014, CVE-2021-27216: PID file handlingHeiko Schlittermann (HS12-RIPE)2021-04-284-43/+149
* | Add priv.c: reworked version of priv dropping codeHeiko Schlittermann (HS12-RIPE)2021-04-2814-73/+81
* | CVE-2020-28008: Assorted attacks in Exim's spool directoryHeiko Schlittermann (HS12-RIPE)2021-04-2811-57/+77
* | CVE-2020-28019: Failure to reset function pointer after BDAT errorJeremy Harris2021-04-281-1/+14
* | SECURITY: smtp_out: Leave a clean input buffer, even in case of read errorHeiko Schlittermann (HS12-RIPE)2021-04-281-2/+3
* | SECURITY: Avoid modification of constant dataHeiko Schlittermann (HS12-RIPE)2021-04-281-8/+9
* | SECURITY: Avoid memory corruption in dkim handlingHeiko Schlittermann (HS12-RIPE)2021-04-281-6/+8
* | SECURITY: Avoid decrement of dkim_collect_input if already at 0Heiko Schlittermann (HS12-RIPE)2021-04-281-1/+1
* | SECURITY: Check overrun rcpt_count integerHeiko Schlittermann (HS12-RIPE)2021-04-281-1/+5
* | SECURITY: Fix safeguard against upward traversal in msglog files.Heiko Schlittermann (HS12-RIPE)2021-04-282-1/+3
* | SECURITY: Don't miss the very last byte when reading long lines from -HHeiko Schlittermann (HS12-RIPE)2021-04-281-1/+1
* | SECURITY: off-by-one in smtp transport (read response)Heiko Schlittermann (HS12-RIPE)2021-04-281-2/+2
* | Start documenting the things we changed incompatibly.Phil Pennock2021-04-281-0/+18
* | Inline four often-called new functionsPhil Pennock2021-04-282-6/+6
* | Fixes for compilationJeremy Harris2021-04-2815-257/+309
* | SECURITY: rework BDAT receive function handlingPhil Pennock2021-04-283-19/+55
* | SECURITY: fix SMTP verb option parsingPhil Pennock2021-04-282-2/+6
* | SECURITY: Avoid integer overflow on too many recipientsPhil Pennock2021-04-282-0/+12
* | SECURITY: default recipients_max to 50,000Phil Pennock2021-04-284-3/+5
* | SECURITY: a second negative store guardPhil Pennock2021-04-281-0/+7
* | SECURITY: refuse too small store allocationsPhil Pennock2021-04-282-1/+14
* | SECURITY: fix Qualys CVE-2020-PFPZAPhil Pennock2021-04-282-0/+8
View Lorry Controller Status