-rw-r--r-- NEWS 2
-rw-r--r-- fetchmail-SA-2008-01.txt 11
2 files changed, 8 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index bffec103..abe43b9b 100644
--- a/NEWS
+++ b/NEWS
@@ -54,7 +54,7 @@ fetchmail 6.3.9 (not yet released):
This bug was apparently introduced on 1998-11-27 when the bouncemail facility
was modularized. The bug then made its appearance in fetchmail release 4.6.8.
See also fetchmail-SA-2007-02.txt.
-* CVE-2008-XXXX: Denial of service: When fetchmail logs data blobs
+* CVE-2008-2711: Denial of service: When fetchmail logs data blobs
(for instance, a To: header in -v -v verbose mode) in excess of 2048
bytes, it will crash, because it hands an uninitialized argument
pointer (not the format string though) to vsnprintf and reads a
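Review bot: The hunk header shows this entry still sits under "fetchmail 6.3.9 (not yet released)", so once the placeholder becomes the public id CVE-2008-2711 the NEWS text names no released version that carries the fix. Consider having the entry point readers at fetchmail-SA-2008-01.txt, the way the preceding entry ends with "See also fetchmail-SA-2007-02.txt.", unless the part of the entry below this hunk already does so.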
diff --git a/fetchmail-SA-2008-01.txt b/fetchmail-SA-2008-01.txt
index 6852ff14..a74fb081 100644
--- a/fetchmail-SA-2008-01.txt
+++ b/fetchmail-SA-2008-01.txt
@@ -4,14 +4,14 @@ Topics: Crash in large log messages in verbose mode.
Author: Matthias Andree
Version: 1.0
-Announced:
+Announced: 2008-06-17
Type: Dereferencing garbage pointer trigged by outside circumstances
Impact: denial of service possible
Danger: low
CVSS V2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)
Credits: Petr Uzel (fix), Petr Cerny (analysis), Gunter Nau (bug report)
-CVE Name: XXX
+CVE Name: CVE-2008-2711
URL: http://www.fetchmail.info/fetchmail-SA-2008-01.txt
Project URL: http://www.fetchmail.info/
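Review bot: The "Type:" line in this header block still reads "trigged by outside circumstances"; since this hunk finalises the header for publication (Announced date and CVE name filled in), fix the typo to "triggered" in the same change. It is also worth a second look that "Danger: low" sits next to a CVSS vector with A:C, and a short justification in the advisory body would help readers reconcile the two.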
@@ -20,15 +20,18 @@ Affects: fetchmail release < 6.3.9 exclusively
Not affected: fetchmail release 6.3.9 and newer
systems without varargs (stdargs.h) support.
-Corrected: 2008-06-13 fetchmail SVN (rev XXX)
+Corrected: 2008-06-13 fetchmail SVN (rev 5193)
References: <https://bugzilla.novell.com/show_bug.cgi?id=354291>
<http://developer.berlios.de/patch/?func=detailpatch&patch_id=2492&group_id=1824>
+
0. Release history
==================
-2008-06-13 1.0 first draft for MITRE/CVE (visible in SVN)
+2008-06-13 1.0 first draft for MITRE/CVE (visible in SVN,
+ posted to oss-security)
+2008-06-17 1.0 published on http://www.fetchmail.info/
1. Background
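Review bot: The context line "systems without varargs (stdargs.h) support." names the wrong header; the standard C header is stdarg.h, and this is a good moment to correct it since the block is being edited for publication. In the release history, the draft of 2008-06-13 and the published text of 2008-06-17 are both labelled 1.0 although the advisory text changed between them (Announced, CVE name and SVN revision were filled in), so either bump the Version field or mark the first row as a draft revision so that copies of the two can be told apart. The added blank "+" line after the References block looks unintentional; drop it unless the section separator needs it.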