Hello, find attached a trivial patch to move the 4.98.2 changes to the correct place in the changelog and add the full 4.98.1 changelog.
cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
>From 19a5e1c9aa7876a5d06cb1703a512476e7827d1e Mon Sep 17 00:00:00 2001 From: Andreas Metzler <[email protected]> Date: Sat, 29 Mar 2025 10:59:27 +0100 Subject: [PATCH] Properly merge 4.98.1/4.98.2 changes --- doc/doc-txt/ChangeLog | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index bae79b2f5..a8d507cd5 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -2,22 +2,10 @@ This document describes *changes* to previous versions, that might affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. Exim version 4.99 ----------------- -Exim version 4.98.2 -------------------- - -This is a security release, addressing CVE-2025-30232 - -JH/01 Fix use-after-free notified by Trend Micro (ref: ZDI-CAN-26250). - Null out debug_pretrigger_buf pointer before freeing the buffer; - the use of this buffer by the storage management checks the pointer - for non-null before using it. - -Exim version 4.98.1 -------------------- JH/01 Use fewer forks & execs for sending many messages to a single host. By passing back more info from the transport to the delivery process, we can loop there. A two-phase queue run will benefit, particularly for mailinglist and smarthost cases. @@ -167,12 +155,30 @@ JH/33 Support for TCP-wrappers is withdrawn. The functionality has always JH/34 Bug 3142: Ensure ack-of-QUIT is pushed. Previously, on a non-TLS connection, this would be delayed by the pause needed to try to get the TCP TIMEWAIT state held by the client rather than the server. +Exim version 4.98.2 +------------------- + +This is a security release, addressing CVE-2025-30232 + +JH/01 Fix use-after-free notified by Trend Micro (ref: ZDI-CAN-26250). + Null out debug_pretrigger_buf pointer before freeing the buffer; + the use of this buffer by the storage management checks the pointer + for non-null before using it. + +Exim version 4.98.1 +------------------- + +This is a security release, addressing CVE-2025-26794 + +JH/01 Serialization of SMTP commands is based on the MD5 sum of + the command's argument. HS/01 Prevent SQL injection for the hints database. + Exim version 4.98 ----------------- JH/01 Support list of dkim results in the dkim_status ACL condition, making it more usable in the data ACL. -- 2.47.2
-- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
