aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2010-04-20 10:10:31 +0200
committerMatthias Andree <matthias.andree@gmx.de>2010-04-20 10:10:31 +0200
commitdbb3ce17820b05b993ca1f85e62ec303290ba7e8 (patch)
treed3e7d02f00a4481ce2fa93baa60a6fdb9ce2ebe2 /NEWS
parent12ac2f9102f59e8cb251ed93ad7cde26a5d5fff7 (diff)
downloadfetchmail-dbb3ce17820b05b993ca1f85e62ec303290ba7e8.tar.gz
fetchmail-dbb3ce17820b05b993ca1f85e62ec303290ba7e8.tar.bz2
fetchmail-dbb3ce17820b05b993ca1f85e62ec303290ba7e8.zip
Add CVE name. Fix Type: (spotted by Florian Weimer.)
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS13
1 files changed, 7 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 009dccea..13e4ccea 100644
--- a/NEWS
+++ b/NEWS
@@ -55,12 +55,13 @@ removed from a 6.4.0 or newer release.)
fetchmail-6.3.17 (not yet released):
# SECURITY FIX
-* Fetchmail before release 6.3.17 did not properly sanitize external input
- (mail headers and UID). When a multi-character locale (such as UTF-8) was in use,
- this could cause memory exhaustion and thus a denial of service, because
- fetchmail's report.c functions assumed that non-success of [v]snprintf was
- due to insufficient buffer size allocation. It would then repeatedly reallocate
- a larger buffer and fail formatting again. See fetchmail-SA-2010-02.txt.
+* CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize
+ external input (mail headers and UID). When a multi-character locale (such as
+ UTF-8) was in use, this could cause memory exhaustion and thus a denial of
+ service, because fetchmail's report.c functions assumed that non-success of
+ [v]snprintf was due to insufficient buffer size allocation. It would then
+ repeatedly reallocate a larger buffer and fail formatting again.
+ See fetchmail-SA-2010-02.txt.
# FEATURES
* Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle"