diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -6,6 +6,14 @@ Abbreviations: MA = Matthias Andree, RF = Rob Funk) fetchmail 6.3.0 (not yet released officially): +SECURITY FIX: +* The POP3 UIDL code doesn't sufficiently validate/truncate the input + length, so a (malicious or compromised) server that sends UIDs longer + than 128 bytes can corrupt fetchmail's stack and crash fetchmail. + This vulnerability is remotely exploitable to inject code run in a + root shell. CVE Name: CAN-2005-XXXX (not yet assigned) + +OTHER CHANGES: * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. * PopDel.py removed from contrib at author's request. * Matthias Andree's fix for Sunil Shetye's fetch-split patch |