author Matthias Andree <matthias.andree@gmx.de> 2018-04-14 20:39:39 +0200
committer Matthias Andree <matthias.andree@gmx.de> 2018-04-14 20:39:39 +0200
commit 9ad747acc03b6184bfa1387caad0044e5296439e (patch)
tree 139e853bb9bdf9821ea46ed9f9fe35b4f0031b95 /NEWS
parent 07f01ce3e566e0c7fd4fa859d759dd70140dcf4e (diff)
Prevent buffer overruns in do_gssauth() with long user names.
Reported in private by Greg Hudson.
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 4
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a9ef33b6..d910c19d 100644
--- a/NEWS
+++ b/NEWS
@@ -88,6 +88,10 @@ fetchmail-6.4.0 (not yet released):
in favour of another configuration option that makes the insecurity in using
this option clearer.
+## SECURITY FIXES
+* Fetchmail prevents buffer overruns in GSSAPI authentication with user names
+ beyond c. 6000 characters in length. Reported by Greg Hudson.
+
## CHANGES
* fetchmail 6.3.X is unsupported.
* fetchmail now requires OpenSSL v1.0.2 or newer.
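Review bot: In the added "## SECURITY FIXES" entry, "user names beyond c. 6000 characters in length" gives only an approximate threshold and does not say what fetchmail now does with such a name (reject it, truncate it, or something else), nor which releases contain the overrun. The commit message names do_gssauth(); consider naming that function in the entry as well and stating the new behaviour, so someone reading NEWS can tell whether a GSSAPI setup is affected. The entry is placed under "fetchmail-6.4.0 (not yet released)", so if earlier releases are affected it would help to say that explicitly in the entry.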