projects
/
exim.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from:
5b7a7c0
)
SECURITY: DMARC uses From header untrusted data
exim-4_82_1
author
Todd Lyons
<tlyons@exim.org>
Mon, 26 May 2014 19:14:16 +0000
(12:14 -0700)
committer
Todd Lyons
<tlyons@exim.org>
Mon, 26 May 2014 19:14:16 +0000
(12:14 -0700)
CVE-2014-2957
To find the sending domain, expand_string() was used to directly parse
the contents of the From header. This passes untrusted data directly
into an internal function. Convert to use standard internal parsing
functions.
No differences found