diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2010-02-09 10:45:57 +0100 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2010-02-09 10:45:57 +0100 |
| commit | 84508cb3ad69e1a4ae44e46eb7292ff174f49a2f (patch) | |
| tree | 9e3514bd066ebe8e8040a91de9cbb76b5423fc8f /website | |
| parent | 92131c83dbc2ccba80c04efcd07b28852a648cf2 (diff) | |
| download | fetchmail-84508cb3ad69e1a4ae44e46eb7292ff174f49a2f.tar.gz fetchmail-84508cb3ad69e1a4ae44e46eb7292ff174f49a2f.tar.bz2 fetchmail-84508cb3ad69e1a4ae44e46eb7292ff174f49a2f.zip | |
Add CVE for sdump X.509 display bug in 6.3.11-6.3.13.
Diffstat (limited to 'website')
| -rw-r--r-- | website/security.html | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/website/security.html b/website/security.html index 6825ee22..33bdc3de 100644 --- a/website/security.html +++ b/website/security.html @@ -28,7 +28,7 @@ <a href="fetchmail-FAQ.pdf" title="Fetchmail FAQ as PDF">FAQ (PDF)</a><br> <a href="design-notes.html">Design Notes</a><br> <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">Download</a><br> - <a href="http://gitorious.org/fetchmail/fetchmail/">Development Code</a><br> + <a href="http://gitorious.org/fetchmail/fetchmail/">Development</a><br> <a href="http://developer.berlios.de/projects/fetchmail/">Project Page</a><br> <hr> </div> @@ -42,7 +42,8 @@ some of the problems mentioned below, even if they aren't mentioned in the security announcements:</p> <ul> - <li>CVE-XXXX-XXXX: Fetchmail <a href="fetchmail-SA-2010-01.txt">would overrun the heap when displaying X.509 TLS/SSL certificates with characters with high bit set in verbose mode on platforms where char is a signed type.</a> This bug was introduced in release 6.3.11 and has been fixed in release 6.3.14.</li> + <li><a name="cve-2010-0562" + href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0562">CVE-2010-0562:</a> Fetchmail <a href="fetchmail-SA-2010-01.txt">would overrun the heap when displaying X.509 TLS/SSL certificates with characters with high bit set in verbose mode on platforms where char is a signed type.</a> This bug was introduced in release 6.3.11 and has been fixed in release 6.3.14.</li> <li><a name="cve-2009-2666" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666">CVE-2009-2666:</a> Fetchmail <a href="fetchmail-SA-2009-01.txt">was found to validate SSL/TLS X.509 certificates improperly and allow man-in-the-middle-attacks to go undetected.</a> This bug has been fixed in release 6.3.11. For previous versions, use the <a href="fetchmail-SA-2009-01.txt">patch contained in the security announcement.</a></li> <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li> <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li> |