diff options
| -rw-r--r-- | fetchmail-SA-2010-02.txt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/fetchmail-SA-2010-02.txt b/fetchmail-SA-2010-02.txt index 1adbf5ef..d7bf9b3a 100644 --- a/fetchmail-SA-2010-02.txt +++ b/fetchmail-SA-2010-02.txt @@ -30,6 +30,7 @@ Corrected: 2010-04-24 Git (XXX) 2010-04-19 0.2 add note announcements may appear before releases 2010-04-20 0.3 add CVE name, fix Type: 2010-04-24 0.4 revise patch +2010-04-29 0.5 add info on contributing/mitigating factors XXX @@ -54,6 +55,12 @@ will misinterpret this condition, and believe that the buffer was too small, and reallocate a bigger one (with linearly increasing buffer size), and repeat, until the allocation fails. At that point, fetchmail will abort. +The exact combination of contributing and mitigating factors is not +fully understood; GNU glibc 2.7 and 2.10.1 on i586 report EILSEQ when +printing invalid sequences through a %.*s format string in multibyte +locales such as de_DE.UTF-8; NetBSD 5, FreeBSD 8 and Solaris 10 do not. +However, the issue is a genuine fetchmail bug that deserves a fix. + Note that the "Affects:" line above may be inaccurate, and it may be that versions before 5.6.6 are actually unaffected. The author was unable to compile such old fetchmail versions to verify the existence of the bug. |