author | Matthias Andree <matthias.andree@gmx.de> | 2008-06-17 12:43:03 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2008-06-17 12:43:03 +0000 |
commit | d344694f96268b7cda5bcdcb927665b2e7e19af3 (patch) | |
tree | 9ada4123ee5e601b358c6c582935a4695269865c | |
parent | 20afc0193ac8d87b93de813b44f2a76552f71639 (diff) | |
Add CVE Name CVE-2008-2711 for fetchmail-SA-2008-01.
svn path=/branches/BRANCH_6-3/; revision=5196
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | fetchmail-SA-2008-01.txt | 11 |
2 files changed, 8 insertions, 5 deletions
@@ -54,7 +54,7 @@ fetchmail 6.3.9 (not yet released): This bug was apparently introduced on 1998-11-27 when the bouncemail facility was modularized. The bug then made its appearance in fetchmail release 4.6.8. See also fetchmail-SA-2007-02.txt. -* CVE-2008-XXXX: Denial of service: When fetchmail logs data blobs +* CVE-2008-2711: Denial of service: When fetchmail logs data blobs (for instance, a To: header in -v -v verbose mode) in excess of 2048 bytes, it will crash, because it hands an uninitialized argument pointer (not the format string though) to vsnprintf and reads a diff --git a/fetchmail-SA-2008-01.txt b/fetchmail-SA-2008-01.txt index 6852ff14..a74fb081 100644 --- a/fetchmail-SA-2008-01.txt +++ b/fetchmail-SA-2008-01.txt @@ -4,14 +4,14 @@ Topics: Crash in large log messages in verbose mode. Author: Matthias Andree Version: 1.0 -Announced: +Announced: 2008-06-17 Type: Dereferencing garbage pointer trigged by outside circumstances Impact: denial of service possible Danger: low CVSS V2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C) Credits: Petr Uzel (fix), Petr Cerny (analysis), Gunter Nau (bug report) -CVE Name: XXX +CVE Name: CVE-2008-2711 URL: http://www.fetchmail.info/fetchmail-SA-2008-01.txt Project URL: http://www.fetchmail.info/ @@ -20,15 +20,18 @@ Affects: fetchmail release < 6.3.9 exclusively Not affected: fetchmail release 6.3.9 and newer systems without varargs (stdargs.h) support. -Corrected: 2008-06-13 fetchmail SVN (rev XXX) +Corrected: 2008-06-13 fetchmail SVN (rev 5193) References: <https://bugzilla.novell.com/show_bug.cgi?id=354291> <http://developer.berlios.de/patch/?func=detailpatch&patch_id=2492&group_id=1824> + 0. Release history ================== -2008-06-13 1.0 first draft for MITRE/CVE (visible in SVN) +2008-06-13 1.0 first draft for MITRE/CVE (visible in SVN, + posted to oss-security) +2008-06-17 1.0 published on http://www.fetchmail.info/ 1. Background |
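Review bot: In the advisory header hunk of fetchmail-SA-2008-01.txt (@@ -4,14 +4,14 @@) the Type: line still reads "trigged by outside circumstances". This commit fills in Announced and CVE Name for the published version, so correct it to "triggered" in the same change rather than shipping the typo at the advisory URL.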
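Review bot: In the release history of fetchmail-SA-2008-01.txt (@@ -20,15 +20,18 @@) the new 2008-06-17 entry reuses version 1.0, the same number as the 2008-06-13 draft, and the Version: header stays at 1.0 although Announced, CVE Name and the Corrected revision all change in this commit. Someone holding the draft that was posted to oss-security cannot tell it apart from the published text by version alone. Consider numbering the published revision 1.1 and updating Version: to match, or renumbering the 06-13 draft below 1.0. The same hunk also adds an empty line after the References block; drop it if it was not intended.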