author | Matthias Andree <matthias.andree@gmx.de> | 2010-05-06 10:32:25 +0200 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2010-05-06 10:32:25 +0200 |
commit | 2024e84f862078fafef19bd19fd648a04b6871e5 (patch) | |
tree | 70d2e3b8bea198a6fae39333f429066d0c198510 /website/security.html | |
parent | a06a10552ca81e042c1e4a0358c4723056eb9390 (diff) | |
download | fetchmail-2024e84f862078fafef19bd19fd648a04b6871e5.tar.gz fetchmail-2024e84f862078fafef19bd19fd648a04b6871e5.tar.bz2 fetchmail-2024e84f862078fafef19bd19fd648a04b6871e5.zip |
Link CVE-2010-1167/fetchmail SA-2010-02.
Diffstat (limited to 'website/security.html')
-rw-r--r-- | website/security.html | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/website/security.html b/website/security.html index 33bdc3de..526d887b 100644 --- a/website/security.html +++ b/website/security.html @@ -42,6 +42,14 @@ some of the problems mentioned below, even if they aren't mentioned in the security announcements:</p> <ul> + <li><a name="cve-2010-1167" + href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1167">CVE-2010-1167:</a> + Fetchmail <a href="fetchmail-SA-2010-02.txt">could exhaust all + available memory and abort on certain computers (for + instance Linux) in multibyte locales (for instance UTF-8) + when dumping malformed headers in debug (-v -v) mode.</a> + This bug was introduced long before 6.0.0 and has been fixed in + release 6.3.17.</li> <li><a name="cve-2010-0562" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0562">CVE-2010-0562:</a> Fetchmail <a href="fetchmail-SA-2010-01.txt">would overrun the heap when displaying X.509 TLS/SSL certificates with characters with high bit set in verbose mode on platforms where char is a signed type.</a> This bug was introduced in release 6.3.11 and has been fixed in release 6.3.14.</li> <li><a name="cve-2009-2666" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666">CVE-2009-2666:</a> Fetchmail <a href="fetchmail-SA-2009-01.txt">was found to validate SSL/TLS X.509 certificates improperly and allow man-in-the-middle-attacks to go undetected.</a> This bug has been fixed in release 6.3.11. For previous versions, use the <a href="fetchmail-SA-2009-01.txt">patch contained in the security announcement.</a></li> |
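Review bot: The last sentence of the new CVE-2010-1167 item ("introduced long before 6.0.0 and has been fixed in release 6.3.17") leaves users of older releases without interim guidance, whereas the CVE-2009-2666 item in the trailing context points them to the patch in its announcement. The item says the problem occurs only when dumping malformed headers in debug (-v -v) mode, so consider adding a sentence that either states whether running without -v -v avoids it or directs readers to fetchmail-SA-2010-02.txt for a patch or workaround. "Long before 6.0.0" is also vaguer than the "introduced in release 6.3.11" wording of the CVE-2010-0562 item; if the earliest affected release is known, name it, otherwise say that all releases before 6.3.17 should be treated as affected.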