projects
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from:
5b7a7c0
)
SECURITY: DMARC uses From header untrusted data
exim-4_82_1
author
Todd Lyons
<tlyons@exim.org>
Mon, 26 May 2014 19:14:16 +0000
(12:14 -0700)
committer
Todd Lyons
<tlyons@exim.org>
Mon, 26 May 2014 19:14:16 +0000
(12:14 -0700)
CVE-2014-2957
To find the sending domain, expand_string() was used to directly parse
the contents of the From header. This passes untrusted data directly
into an internal function. Convert to use standard internal parsing
functions.
No differences found
projects / exim.git / commitdiff