Add CVE name. Fix Type: (spotted by Florian Weimer.)

2 files changed, 9 insertions, 8 deletions

diff --git a/NEWS b/NEWS
index 009dccea..13e4ccea 100644
--- a/NEWS
+++ b/NEWS
@@ -55,12 +55,13 @@ removed from a 6.4.0 or newer release.)
 fetchmail-6.3.17 (not yet released):
 
 # SECURITY FIX
-* Fetchmail before release 6.3.17 did not properly sanitize external input
-  (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, 
-  this could cause memory exhaustion and thus a denial of service, because
-  fetchmail's report.c functions assumed that non-success of [v]snprintf was
-  due to insufficient buffer size allocation. It would then repeatedly reallocate
-  a larger buffer and fail formatting again. See fetchmail-SA-2010-02.txt.
+* CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize
+  external input (mail headers and UID). When a multi-character locale (such as
+  UTF-8) was in use, this could cause memory exhaustion and thus a denial of
+  service, because fetchmail's report.c functions assumed that non-success of
+  [v]snprintf was due to insufficient buffer size allocation. It would then
+  repeatedly reallocate a larger buffer and fail formatting again.
+  See fetchmail-SA-2010-02.txt.
 
 # FEATURES
 * Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle"
diff --git a/fetchmail-SA-2010-02.txt b/fetchmail-SA-2010-02.txt
index ff350b7a..350e769c 100644
--- a/fetchmail-SA-2010-02.txt
+++ b/fetchmail-SA-2010-02.txt
@@ -7,11 +7,11 @@ Topics:		Denial of service in debug output.
 Author:		Matthias Andree
 Version:	0.1 XXX
 Announced:	XXX
-Type:		malloc() Buffer overrun with printable characters
+Type:		Unbounded allocation of memory until exhaustion.
 Impact:		Denial of service.
 Danger:		low
 
-CVE Name:	CVE-2010-XXXX
+CVE Name:	CVE-2010-1167
 CVSSv2:		XXX
 URL:		http://www.fetchmail.info/fetchmail-SA-2010-02.txt
 Project URL:	http://www.fetchmail.info/