SECURITY FIX: Plug UID-related buffer overruns that came from sscanf(s, ...%s..., s2).

svn path=/trunk/; revision=4143
author: Matthias Andree <matthias.andree@gmx.de> 2005-07-20 15:21:55 +0000
committer: Matthias Andree <matthias.andree@gmx.de> 2005-07-20 15:21:55 +0000
commit: 7c6e7ec184cd463b925c812d0803129b3f1e160b (patch)
tree: 8465492fba3c457093a3282de69acc19bd657952 /NEWS
parent: 4d627288d68a288e50ae30d57dc6493ed94460cf (diff)
download: fetchmail-7c6e7ec184cd463b925c812d0803129b3f1e160b.tar.gz
fetchmail-7c6e7ec184cd463b925c812d0803129b3f1e160b.tar.bz2
fetchmail-7c6e7ec184cd463b925c812d0803129b3f1e160b.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index d8d56b50..32857473 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,14 @@ Abbreviations: MA = Matthias Andree, RF = Rob Funk)
 
 fetchmail 6.3.0 (not yet released officially):
 
+SECURITY FIX:
+* The POP3 UIDL code doesn't sufficiently validate/truncate the input
+  length, so a (malicious or compromised) server that sends UIDs longer
+  than 128 bytes can corrupt fetchmail's stack and crash fetchmail.
+  This vulnerability is remotely exploitable to inject code run in a
+  root shell. CVE Name: CAN-2005-XXXX (not yet assigned)
+
+OTHER CHANGES:
 * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
 * PopDel.py removed from contrib at author's request.
 * Matthias Andree's fix for Sunil Shetye's fetch-split patch
author	Matthias Andree <matthias.andree@gmx.de>	2005-07-20 15:21:55 +0000
committer	Matthias Andree <matthias.andree@gmx.de>	2005-07-20 15:21:55 +0000
commit	7c6e7ec184cd463b925c812d0803129b3f1e160b (patch)
tree	8465492fba3c457093a3282de69acc19bd657952 /NEWS
parent	4d627288d68a288e50ae30d57dc6493ed94460cf (diff)
download	fetchmail-7c6e7ec184cd463b925c812d0803129b3f1e160b.tar.gz fetchmail-7c6e7ec184cd463b925c812d0803129b3f1e160b.tar.bz2 fetchmail-7c6e7ec184cd463b925c812d0803129b3f1e160b.zip