diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2010-04-20 10:10:31 +0200 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2010-04-20 10:10:31 +0200 |
commit | dbb3ce17820b05b993ca1f85e62ec303290ba7e8 (patch) | |
tree | d3e7d02f00a4481ce2fa93baa60a6fdb9ce2ebe2 /NEWS | |
parent | 12ac2f9102f59e8cb251ed93ad7cde26a5d5fff7 (diff) | |
download | fetchmail-dbb3ce17820b05b993ca1f85e62ec303290ba7e8.tar.gz fetchmail-dbb3ce17820b05b993ca1f85e62ec303290ba7e8.tar.bz2 fetchmail-dbb3ce17820b05b993ca1f85e62ec303290ba7e8.zip |
Add CVE name. Fix Type: (spotted by Florian Weimer.)
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 13 |
1 files changed, 7 insertions, 6 deletions
@@ -55,12 +55,13 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.17 (not yet released): # SECURITY FIX -* Fetchmail before release 6.3.17 did not properly sanitize external input - (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, - this could cause memory exhaustion and thus a denial of service, because - fetchmail's report.c functions assumed that non-success of [v]snprintf was - due to insufficient buffer size allocation. It would then repeatedly reallocate - a larger buffer and fail formatting again. See fetchmail-SA-2010-02.txt. +* CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize + external input (mail headers and UID). When a multi-character locale (such as + UTF-8) was in use, this could cause memory exhaustion and thus a denial of + service, because fetchmail's report.c functions assumed that non-success of + [v]snprintf was due to insufficient buffer size allocation. It would then + repeatedly reallocate a larger buffer and fail formatting again. + See fetchmail-SA-2010-02.txt. # FEATURES * Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle" |