From 92131c83dbc2ccba80c04efcd07b28852a648cf2 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Tue, 9 Feb 2010 10:41:30 +0100
Subject: Add CVE for sdump X.509 display bug in 6.3.11-6.3.13.

---
 NEWS                     |  6 +++---
 fetchmail-SA-2010-01.txt | 13 ++++++++-----
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/NEWS b/NEWS
index c8ee0933..e2c04976 100644
--- a/NEWS
+++ b/NEWS
@@ -67,9 +67,9 @@ fetchmail 6.3.15 (not yet released):
 fetchmail 6.3.14 (released 2010-02-05, 25487 LoC):
 
 # SECURITY FIXES
-* SSL/TLS certificate information is now also reported properly on computers
-  that consider the "char" type signed. Fixes malloc() buffer overrun.
-  Workaround for older versions: do not use verbose mode.
+* CVE-2010-0562: SSL/TLS certificate information is now also reported properly
+  on computers that consider the "char" type signed. Fixes malloc() buffer
+  overrun.  Workaround for older versions: do not use verbose mode.
   See fetchmail-SA-2010-01.txt for details, including a minimal patch.
 
 # BUG FIXES
diff --git a/fetchmail-SA-2010-01.txt b/fetchmail-SA-2010-01.txt
index ea2b6617..d6276412 100644
--- a/fetchmail-SA-2010-01.txt
+++ b/fetchmail-SA-2010-01.txt
@@ -7,12 +7,13 @@ Topics:		Heap overrun in verbose SSL certificate information display.
 
 Author:		Matthias Andree
 Version:	1.0
-Announced:
+Announced:	2010-02-05
 Type:		malloc() Buffer overrun with printable characters
 Impact:		Code injection (difficult).
 Danger:		low
 
-CVE Name:	to be assigned via oss-security@ list
+CVE Name:	CVE-2010-0562
+CVSSv2:		(AV:N/AC:H/Au:N/C:N/I:C/A:P/E:U/RL:O/RC:C) proposed
 URL:		http://www.fetchmail.info/fetchmail-SA-2010-01.txt
 Project URL:	http://www.fetchmail.info/
 
@@ -21,6 +22,7 @@ Affects:	fetchmail releases 6.3.11, 6.3.12, and 6.3.13
 Not affected:	fetchmail release 6.3.14 and newer
 
 Corrected:	2010-02-04 fetchmail SVN (r5467)
+		           Git (f1c7607615ebd48807db6170937fe79bb89d47d4)
 		2010-02-05 fetchmail release 6.3.14
 
 
@@ -29,6 +31,7 @@ Corrected:	2010-02-04 fetchmail SVN (r5467)
 
 2010-02-04 0.1	first draft (visible in SVN and through oss-security)
 2010-02-05 1.0	fixed signed/unsigned typo (found by Nico Golde)
+2010-02-09 1.1	added CVE/CVSS, Announced: date
 
 
 1. Background
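Review bot: The added history entry `2010-02-09 1.1` is not matched by the header, because `Version:	1.0` stays as an unchanged context line in the first hunk of this file; it should become `Version:	1.1` in the same commit. The signature block is regenerated in the last hunk, so the header presumably sits inside the signed text and has to be corrected before signing rather than afterwards. In that same first hunk the proposed CVSSv2 vector pairs `C:N` with `I:C`, which reads oddly next to `Impact: Code injection (difficult)`, since code execution would normally imply some confidentiality loss as well. A one-line rationale or a revised vector would help anyone who scores from this field.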
@@ -135,7 +138,7 @@ END OF fetchmail-SA-2010-01.txt
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.12 (GNU/Linux)
 
-iEYEARECAAYFAktrbs0ACgkQvmGDOQUufZWzMQCg49F/WJiOjGwWZKHHzBcfTgx/
-sLIAmQHPO3mezy3Ku0O29b4AXHL2ZQNb
-=kF7s
+iEYEARECAAYFAktxLWcACgkQvmGDOQUufZUGBQCg8AU5mXRaGBo+tETsGYjFX10m
+6SYAnA6IVIeoTjKvspD8BnLLd0yGU2iw
+=b7ry
 -----END PGP SIGNATURE-----
-- 
cgit v1.2.3