aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2007-08-29 11:28:04 +0000
committerMatthias Andree <matthias.andree@gmx.de>2007-08-29 11:28:04 +0000
commit8ce089207a5f2cdd352b33989407c80a27c5fbf7 (patch)
tree1b3fbdacda8cef5f169dcc1d9dc00742c33ab588
parent5f54ceb284bf427a3cdbd2a11b446c3ee6fc72e4 (diff)
downloadfetchmail-8ce089207a5f2cdd352b33989407c80a27c5fbf7.tar.gz
fetchmail-8ce089207a5f2cdd352b33989407c80a27c5fbf7.tar.bz2
fetchmail-8ce089207a5f2cdd352b33989407c80a27c5fbf7.zip
Add CVE number.
svn path=/branches/BRANCH_6-3/; revision=5126
-rw-r--r--NEWS4
1 files changed, 2 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index d8e26998..0ef1534d 100644
--- a/NEWS
+++ b/NEWS
@@ -45,7 +45,7 @@ be removed from a 6.4.0 or newer release.)
fetchmail 6.3.9 (not yet released):
# SECURITY FIX:
-* CVE-2007-XXXX: Denial of service: When fetchmail tries to inject a warning
+* CVE-2007-4565: Denial of service: When fetchmail tries to inject a warning
message it created itself, and the message is refused by the SMTP listener,
fetchmail dereferences a NULL pointer and crashes. Report & fix by Earl Chew.
Note while this is theoretically a remote denial of service attack vector,
@@ -53,7 +53,7 @@ fetchmail 6.3.9 (not yet released):
rather low.
This bug was apparently introduced on 1998-11-27 when the bouncemail facility
was modularized. The bug made then its appearance in fetchmail release 4.6.8.
- See fetchmail-SA-2007-02.txt.
+ See also fetchmail-SA-2007-02.txt.
# BUG FIXES:
* The configure script will additionally check for 'dn_skipname', to fix build