From e5a4131e735b5a59dbc3b4b8024e437bae84bc16 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Tue, 31 May 2011 22:39:36 +0200 Subject: Add CVE name. --- NEWS | 3 ++- fetchmail-SA-2011-01.txt | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index a72a03b8..eacede8a 100644 --- a/NEWS +++ b/NEWS @@ -59,7 +59,8 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.20 (not yet released): # SECURITY BUG FIXES -* Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout +* CVE-2011-1947: + Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout (default five minutes) now. This was reported missing, from fetchmail freezes beyond a week, by Thomas Jarosch. SSL-wrapped connections were unaffected by this timeout, so users of older diff --git a/fetchmail-SA-2011-01.txt b/fetchmail-SA-2011-01.txt index fc627f65..915b3524 100644 --- a/fetchmail-SA-2011-01.txt +++ b/fetchmail-SA-2011-01.txt @@ -9,7 +9,7 @@ Type: Unguarded blocking I/O can cause indefinite application hang Impact: Denial of service Danger: low -CVE Name: +CVE Name: CVE-2011-1947 CVSSv2: CVSS scores: This is calculated without Environmental Score. -- cgit v1.2.3