git » chasquid » commit a14ba10

docs: Add CVE-2023-52354 links to the release notes

author Alberto Bertogli
2024-01-22 20:27:42 UTC
committer Alberto Bertogli
2024-02-05 00:04:50 UTC
parent 36c5139da4c7c4cde413d81455b14e975f162ca8

The SMTP smuggling vulnerability fixed in 1.13 (and 1.11.1) has been
given a CVE number: CVE-2023-52354
(https://nvd.nist.gov/vuln/detail/CVE-2023-52354).

This patch adds a link to it in the release notes, for ease of reference.

docs/relnotes.md +4 -2

diff --git a/docs/relnotes.md b/docs/relnotes.md
index 026d899..c60585a 100644
--- a/docs/relnotes.md
+++ b/docs/relnotes.md
@@ -10,7 +10,8 @@ noting backward-incompatible changes or known security issues.
 Security fixes:
 
 - Strict CRLF enforcement in DATA contents, to prevent [SMTP smuggling
-  attacks](https://www.postfix.org/smtp-smuggling.html). \
+  attacks](https://www.postfix.org/smtp-smuggling.html)
+  ([CVE-2023-52354](https://nvd.nist.gov/vuln/detail/CVE-2023-52354)). \
   [RFC5322](https://www.rfc-editor.org/rfc/rfc5322#section-2.3) and
   [RFC5321](https://www.rfc-editor.org/rfc/rfc5321#section-2.3.8) say
   that the only valid newline terminator in SMTP is CRLF. \
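Review bot: The NVD URL on the added `([CVE-2023-52354](https://nvd.nist.gov/vuln/detail/CVE-2023-52354)). \` line is written out inline here and again in the 1.11.1 entry of this same patch, so the two copies can drift if one is ever edited. A single reference-style definition, `[CVE-2023-52354]: https://nvd.nist.gov/vuln/detail/CVE-2023-52354`, placed once in the file would let both entries use the short `[CVE-2023-52354]` form. The trailing backslash was correctly moved to the new last line of the sentence, so the hard line break before the RFC text is preserved.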
@@ -51,7 +52,8 @@ Other changes:
 ### 1.11.1 (2023-12-26)
 
 Backport the security fixes from 1.13 (*Strict CRLF enforcement in DATA
-contents*).
+contents*, fixes
+[CVE-2023-52354](https://nvd.nist.gov/vuln/detail/CVE-2023-52354)).
 
 
 ## 1.10 (2022-09-01)
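Review bot: The wording of the 1.11.1 entry is inconsistent with the 1.13 bullet: here the CVE is attached as `contents*, fixes [CVE-2023-52354](...)` inside the parenthetical that names the backported item, while the 1.13 entry gives the CVE its own parenthesised link. The result reads as a comma splice ("Strict CRLF enforcement in DATA contents, fixes CVE-..."). Suggest closing the parenthesis after `contents*` and following it with the same `([CVE-2023-52354](https://nvd.nist.gov/vuln/detail/CVE-2023-52354))` form used in 1.13, so both entries reference the CVE identically.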