From d344694f96268b7cda5bcdcb927665b2e7e19af3 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Tue, 17 Jun 2008 12:43:03 +0000
Subject: Add CVE Name CVE-2008-2711 for fetchmail-SA-2008-01.

svn path=/branches/BRANCH_6-3/; revision=5196
---
 NEWS                     |  2 +-
 fetchmail-SA-2008-01.txt | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index bffec103..abe43b9b 100644
--- a/NEWS
+++ b/NEWS
@@ -54,7 +54,7 @@ fetchmail 6.3.9 (not yet released):
   This bug was apparently introduced on 1998-11-27 when the bouncemail facility
   was modularized. The bug then made its appearance in fetchmail release 4.6.8.
   See also fetchmail-SA-2007-02.txt.
-* CVE-2008-XXXX: Denial of service: When fetchmail logs data blobs
+* CVE-2008-2711: Denial of service: When fetchmail logs data blobs
   (for instance, a To: header in -v -v verbose mode) in excess of 2048
   bytes, it will crash, because it hands an uninitialized argument
   pointer (not the format string though) to vsnprintf and reads a
diff --git a/fetchmail-SA-2008-01.txt b/fetchmail-SA-2008-01.txt
index 6852ff14..a74fb081 100644
--- a/fetchmail-SA-2008-01.txt
+++ b/fetchmail-SA-2008-01.txt
@@ -4,14 +4,14 @@ Topics:		Crash in large log messages in verbose mode.
 
 Author:		Matthias Andree
 Version:	1.0
-Announced:
+Announced:	2008-06-17
 Type:		Dereferencing garbage pointer trigged by outside circumstances
 Impact:		denial of service possible
 Danger:		low
 CVSS V2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)
 
 Credits:	Petr Uzel (fix), Petr Cerny (analysis), Gunter Nau (bug report)
-CVE Name:	XXX
+CVE Name:	CVE-2008-2711
 URL:		http://www.fetchmail.info/fetchmail-SA-2008-01.txt
 Project URL:	http://www.fetchmail.info/
 
@@ -20,15 +20,18 @@ Affects:	fetchmail release < 6.3.9 exclusively
 Not affected:	fetchmail release 6.3.9 and newer
 		systems without varargs (stdargs.h) support.
 
-Corrected:	2008-06-13 fetchmail SVN (rev XXX)
+Corrected:	2008-06-13 fetchmail SVN (rev 5193)
 
 References:	<https://bugzilla.novell.com/show_bug.cgi?id=354291>
 		<http://developer.berlios.de/patch/?func=detailpatch&patch_id=2492&group_id=1824>
 
+
 0. Release history
 ==================
 
-2008-06-13 1.0	first draft for MITRE/CVE (visible in SVN)
+2008-06-13 1.0	first draft for MITRE/CVE (visible in SVN,
+		posted to oss-security)
+2008-06-17 1.0	published on http://www.fetchmail.info/
 
 
 1. Background
-- 
cgit v1.2.3