# HG changeset patch
# User markus schnalke <meillo@marmaro.de>
# Date 1314463135 -7200
# Node ID 2d4aa516ba0e14312c72423366ace73a17dfd964
# Parent  ef346dc675144145f4cf12754bfddf25ecf62989
updated ChangeLog and NEWS

diff -r ef346dc67514 -r 2d4aa516ba0e ChangeLog
--- a/ChangeLog	Sat Aug 27 18:35:19 2011 +0200
+++ b/ChangeLog	Sat Aug 27 18:38:55 2011 +0200
@@ -7,6 +7,14 @@
 technical speach and with focus on compatibility.
 
 
+0.3.3  Sat, 27 Aug 2011 18:35:34 +0200
+	* Fixed a possible security problem, reported by John Lightsey. See
+	  Debian bug #638002. The return value of seteuid() calls was handled
+	  wrong or not at all. Now, the (already available) set_euidgid()
+	  function is used when possible. Additionally, removed the unnecessary
+	  identity change when writing into an already open file descriptor.
+	* Added debug level 9 for msgs to stderr during reading config.
+
 0.3.2  Fri, 03 Jun 2011 10:14:33 +0200
 	* Fixed an important bug with folded headers! The folded lines
 	  of a long header would be ignored in unpredictable cases.
diff -r ef346dc67514 -r 2d4aa516ba0e NEWS
--- a/NEWS	Sat Aug 27 18:35:19 2011 +0200
+++ b/NEWS	Sat Aug 27 18:38:55 2011 +0200
@@ -7,6 +7,12 @@
 The manual pages describe newly added options. Take them for reference.
 
 
+0.3.3
+
+-  Fixed a possible security problem, reported by John Lightsey. Unwanted
+identity changes to the user root could have appeared.
+
+
 0.3.2
 
 - Fixed an important bug with folded headers! In earlier versions mail