vcs.fsf.org Git - exim.git/commit

author	Todd Lyons <tlyons@exim.org>
	Mon, 26 May 2014 19:14:16 +0000 (12:14 -0700)
committer	Todd Lyons <tlyons@exim.org>
	Mon, 26 May 2014 19:14:16 +0000 (12:14 -0700)
commit	5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0
tree	18486f503facc9bf41244f63ab08da5cfb684d44	tree \| snapshot (zip tar.gz)
parent	69aca2feaca1ebbc55c6f1adaee4738dc328ae90	commit \| diff

SECURITY: DMARC uses From header untrusted data

CVE-2014-2957

To find the sending domain, expand_string() was used to directly parse
  the contents of the From header. This passes untrusted data directly
  into an internal function. Convert to use standard internal parsing
  functions.

src/src/dmarc.c

diff | blob | blame | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom