author Matthias Andree <matthias.andree@gmx.de> 2005-10-27 08:15:47 +0000
committer Matthias Andree <matthias.andree@gmx.de> 2005-10-27 08:15:47 +0000
commit 2839204e8160dc13d57e861fe0374410cebd3de2
tree e71e3976251a45ff18e866f7398487f848426181
parent 92fd7b20390af30051fc4bb87e222cf389948dd3
Update.
svn path=/trunk/; revision=4367
-rw-r--r-- fetchmail-SA-2005-01.txt 5
-rw-r--r-- fetchmail-SA-2005-02.txt 13
2 files changed, 11 insertions, 7 deletions
diff --git a/fetchmail-SA-2005-01.txt b/fetchmail-SA-2005-01.txt
index ed10cfc1..753234e2 100644
--- a/fetchmail-SA-2005-01.txt
+++ b/fetchmail-SA-2005-01.txt
@@ -3,7 +3,7 @@ fetchmail-SA-2005-01: security announcement
Topic: remote code injection vulnerability in fetchmail
Author: Matthias Andree
-Version: 1.02
+Version: 1.03
Announced: 2005-07-21
Type: buffer overrun/stack corruption/code injection
Impact: account or system compromise possible through malicious
@@ -12,7 +12,7 @@ Danger: high: in sensitive configurations, a full system
compromise is possible
(for 6.2.5.1: denial of service for the whole fetchmail
system is possible)
-CVE Name: CAN-2005-2335
+CVE Name: CVE-2005-2335
URL: http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762
http://www.vuxml.org/freebsd/3497d7be-2fef-45f4-8162-9063751b573a.html
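Review bot: Replacing the "CVE Name:" value in place removes the only mention of CAN-2005-2335 from the header, so a reader who arrives with the older identifier from a copy of version 1.02 or from a third-party reference will no longer find it by searching this file. Consider keeping the former name next to the new one, for example "CVE Name: CVE-2005-2335 (formerly CAN-2005-2335)".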
@@ -55,6 +55,7 @@ Corrected: 2005-07-22 01:37 UTC (SVN) - committed bugfix (r4157)
- Add FreeBSD VuXML URL for 6.2.5.1.
- Add heise security URL.
- Mention release of 6.2.5.2 tarball.
+2005-10-27 1.03 - Update CVE Name after CVE naming change
1. Background
diff --git a/fetchmail-SA-2005-02.txt b/fetchmail-SA-2005-02.txt
index 68131d63..375c8ef4 100644
--- a/fetchmail-SA-2005-02.txt
+++ b/fetchmail-SA-2005-02.txt
@@ -3,14 +3,14 @@ fetchmail-SA-2005-02: security announcement
Topic: password exposure in fetchmailconf
Author: Matthias Andree
-Version: 1.01
+Version: 1.02
Announced: 2005-10-21
Type: insecure creation of file
Impact: passwords are written to a world-readable file
Danger: medium
Credits: Thomas Wolff, Miloslav Trmac for pointing out
that fetchmailconf 1.43.1 was also flawed
-CVE Name: CAN-2005-3088
+CVE Name: CVE-2005-3088
URL: http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
Affects: fetchmail version 6.2.5.2
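Review bot: The header now reads "Version: 1.02" while the only date in it is still "Announced: 2005-10-21", so the revision date (2005-10-27) is visible only to readers who scroll to section 0. A "Last updated:" line in the header, or the date appended to the Version field, would let someone comparing two copies of the advisory tell at a glance which one is current.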
@@ -32,9 +32,12 @@ Corrected: 2005-09-28 01:14 UTC (SVN) - committed bugfix (r4351)
0. Release history
==================
-2005-10-21 1.00 (shipped with -rc6)
-2005-10-21 1.01 (marked 1.43.1 vulnerable, revised section 4,
- added Credits)
+2005-10-21 1.00 - initial version (shipped with -rc6)
+2005-10-21 1.01 - marked 1.43.1 vulnerable
+ - revised section 4
+ - added Credits
+2005-10-27 1.02 - reformatted section 0
+ - updated CVE Name to new naming scheme
1. Background
=============
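Review bot: The new 1.02 entries here use lowercase past tense ("reformatted section 0", "updated CVE Name to new naming scheme"), while the matching 1.03 entry added to fetchmail-SA-2005-01.txt in this same commit is a capitalized imperative ("Update CVE Name after CVE naming change"). Since both entries record the same change, pick one wording and one tense for both advisories so the release histories can be compared or grepped consistently.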