diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -54,6 +54,14 @@ fetchmail 6.3.9 (not yet released): This bug was apparently introduced on 1998-11-27 when the bouncemail facility was modularized. The bug then made its appearance in fetchmail release 4.6.8. See also fetchmail-SA-2007-02.txt. +* CVE-2008-XXXX: Denial of service: When fetchmail logs data blobs + (for instance, a To: header in -v -v verbose mode) in excess of 2048 + bytes, it will crash, because it hands an uninitialized argument + pointer (not the format string though) to vsnprintf and reads a + random memory location (it calls va_arg() too often without + resetting it with va_start()). Based on a patch by Petr Uzel, fixes + Novell Bug #354291. + See also fetchmail-SA-2008-01.txt. # CRITICAL BUG FIX: * When expunging, mark the right messages as seen to avoid message loss in "keep |