author: Rainer Gerhards <rgerhards@adiscon.com> 2008-12-04 14:09:38 +0100
committer: Rainer Gerhards <rgerhards@adiscon.com> 2008-12-04 14:09:38 +0100
commit: afdccceefa30306cf720a27efd5a29bcc5a916c9
tree: 0d2e52ccfe2db3a8802b6c06a0beae0967bf276e /ChangeLog
parent: d74b4fef35e8a2c3a58fe66720840ae2ee77a02d
security fix: imudp emitted a message when a non-permitted sender... [v3.20.2]
...tried to send a message to it. This behaviour is operator-configurable. If enabled, a message was emitted each time. That way an attacker could effectively fill the disk via this facility. The message is now emitted only once in a minute (this currently is a hard-coded limit, if someone comes up with a good reason to make it configurable, we will probably do that).
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 13
1 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index ee9de415..501c9ff1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
---------------------------------------------------------------------------
-Version 3.20.1 [v3-stable] (rgerhards), 2008-112-04
+Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04
+- re-release of 3.20.1 with an additional fix, that could also lead
+ to DoS; 3.20.1 has been removed from the official download archives
+- security fix: imudp emitted a message when a non-permitted sender
+ tried to send a message to it. This behaviour is operator-configurable.
+ If enabled, a message was emitted each time. That way an attacker could
+ effectively fill the disk via this facility. The message is now
+ emitted only once in a minute (this currently is a hard-coded limit,
+ if someone comes up with a good reason to make it configurable, we
+ will probably do that).
+---------------------------------------------------------------------------
+Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead
- enhance: regex nomatch option "ZERO" has been added
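Review bot: The first added bullet, "re-release of 3.20.1 with an additional fix, that could also lead to DoS", reads as if the fix itself could cause the DoS; reword it along the lines of "with an additional fix for an issue that could also lead to DoS". The security-fix entry says the behaviour is operator-configurable but does not name the setting that enables the message, so an operator reading the ChangeLog cannot tell from it whether their configuration was exposed; naming the directive in the entry would help. The entry also does not say whether the once-a-minute limit applies per sender or overall, or whether anything records that messages were suppressed, which matters to anyone using this message to notice non-permitted senders. The date correction in the 3.20.1 header (2008-112-04 to 2008-12-04) is fine.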