From 7c6e7ec184cd463b925c812d0803129b3f1e160b Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 20 Jul 2005 15:21:55 +0000 Subject: SECURITY FIX: Plug UID-related buffer overruns that came from sscanf(s, ...%s..., s2). svn path=/trunk/; revision=4143 --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index d8d56b50..32857473 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,14 @@ Abbreviations: MA = Matthias Andree, RF = Rob Funk) fetchmail 6.3.0 (not yet released officially): +SECURITY FIX: +* The POP3 UIDL code doesn't sufficiently validate/truncate the input + length, so a (malicious or compromised) server that sends UIDs longer + than 128 bytes can corrupt fetchmail's stack and crash fetchmail. + This vulnerability is remotely exploitable to inject code run in a + root shell. CVE Name: CAN-2005-XXXX (not yet assigned) + +OTHER CHANGES: * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. * PopDel.py removed from contrib at author's request. * Matthias Andree's fix for Sunil Shetye's fetch-split patch -- cgit v1.2.3
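Review bot: In the added SECURITY FIX entry, "CVE Name: CAN-2005-XXXX (not yet assigned)" is a placeholder and needs to be replaced with the assigned name before 6.3.0 is released, otherwise the NEWS item cannot be matched to an advisory. The entry also leaves out two things a reader needs in order to act on it. It does not say which released versions are affected. It does not mention the cause given in the commit subject (sscanf with an unbounded %s), so the "128 bytes" figure appears without context; one added sentence naming the unbounded %s conversion would tie the two together. The impact wording is also uneven: the first sentence ends at "crash fetchmail" while the next says the flaw is "remotely exploitable to inject code run in a root shell". Suggest leading with the code-injection impact and stating under which condition the injected code runs as root, since the entry does not say. This commit is limited to NEWS, so the code change itself is not visible here and the entry's claims cannot be checked against it.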