diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2005-10-27 08:15:47 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2005-10-27 08:15:47 +0000 |
commit | 2839204e8160dc13d57e861fe0374410cebd3de2 (patch) | |
tree | e71e3976251a45ff18e866f7398487f848426181 | |
parent | 92fd7b20390af30051fc4bb87e222cf389948dd3 (diff) | |
download | fetchmail-2839204e8160dc13d57e861fe0374410cebd3de2.tar.gz fetchmail-2839204e8160dc13d57e861fe0374410cebd3de2.tar.bz2 fetchmail-2839204e8160dc13d57e861fe0374410cebd3de2.zip |
Update.
svn path=/trunk/; revision=4367
-rw-r--r-- | fetchmail-SA-2005-01.txt | 5 | ||||
-rw-r--r-- | fetchmail-SA-2005-02.txt | 13 |
2 files changed, 11 insertions, 7 deletions
diff --git a/fetchmail-SA-2005-01.txt b/fetchmail-SA-2005-01.txt index ed10cfc1..753234e2 100644 --- a/fetchmail-SA-2005-01.txt +++ b/fetchmail-SA-2005-01.txt @@ -3,7 +3,7 @@ fetchmail-SA-2005-01: security announcement Topic: remote code injection vulnerability in fetchmail Author: Matthias Andree -Version: 1.02 +Version: 1.03 Announced: 2005-07-21 Type: buffer overrun/stack corruption/code injection Impact: account or system compromise possible through malicious @@ -12,7 +12,7 @@ Danger: high: in sensitive configurations, a full system compromise is possible (for 6.2.5.1: denial of service for the whole fetchmail system is possible) -CVE Name: CAN-2005-2335 +CVE Name: CVE-2005-2335 URL: http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762 http://www.vuxml.org/freebsd/3497d7be-2fef-45f4-8162-9063751b573a.html @@ -55,6 +55,7 @@ Corrected: 2005-07-22 01:37 UTC (SVN) - committed bugfix (r4157) - Add FreeBSD VuXML URL for 6.2.5.1. - Add heise security URL. - Mention release of 6.2.5.2 tarball. +2005-10-27 1.03 - Update CVE Name after CVE naming change 1. Background diff --git a/fetchmail-SA-2005-02.txt b/fetchmail-SA-2005-02.txt index 68131d63..375c8ef4 100644 --- a/fetchmail-SA-2005-02.txt +++ b/fetchmail-SA-2005-02.txt @@ -3,14 +3,14 @@ fetchmail-SA-2005-02: security announcement Topic: password exposure in fetchmailconf Author: Matthias Andree -Version: 1.01 +Version: 1.02 Announced: 2005-10-21 Type: insecure creation of file Impact: passwords are written to a world-readable file Danger: medium Credits: Thomas Wolff, Miloslav Trmac for pointing out that fetchmailconf 1.43.1 was also flawed -CVE Name: CAN-2005-3088 +CVE Name: CVE-2005-3088 URL: http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt Affects: fetchmail version 6.2.5.2 @@ -32,9 +32,12 @@ Corrected: 2005-09-28 01:14 UTC (SVN) - committed bugfix (r4351) 0. Release history ================== -2005-10-21 1.00 (shipped with -rc6) -2005-10-21 1.01 (marked 1.43.1 vulnerable, revised section 4, - added Credits) +2005-10-21 1.00 - initial version (shipped with -rc6) +2005-10-21 1.01 - marked 1.43.1 vulnerable + - revised section 4 + - added Credits +2005-10-27 1.02 - reformatted section 0 + - updated CVE Name to new naming scheme 1. Background ============= |