From 99113547e733f876cc2f8dfbe8412ed7e082d479 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Fri, 13 Jun 2008 16:20:49 +0000 Subject: Fix Novell Bug #354291, fetchmail crashes in -v -v mode when logging long To: headers (in excess of 2048 bytes). svn path=/branches/BRANCH_6-3/; revision=5193 --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 0f5de772..bffec103 100644 --- a/NEWS +++ b/NEWS @@ -54,6 +54,14 @@ fetchmail 6.3.9 (not yet released): This bug was apparently introduced on 1998-11-27 when the bouncemail facility was modularized. The bug then made its appearance in fetchmail release 4.6.8. See also fetchmail-SA-2007-02.txt. +* CVE-2008-XXXX: Denial of service: When fetchmail logs data blobs + (for instance, a To: header in -v -v verbose mode) in excess of 2048 + bytes, it will crash, because it hands an uninitialized argument + pointer (not the format string though) to vsnprintf and reads a + random memory location (it calls va_arg() too often without + resetting it with va_start()). Based on a patch by Petr Uzel, fixes + Novell Bug #354291. + See also fetchmail-SA-2008-01.txt. # CRITICAL BUG FIX: * When expunging, mark the right messages as seen to avoid message loss in "keep -- cgit v1.2.3
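Review bot: the first added line of the NEWS entry still carries the placeholder id "CVE-2008-XXXX"; replace it with the assigned number before 6.3.9 is released, or cite only fetchmail-SA-2008-01.txt until one exists, so the entry can be matched against advisories and scanner output. The entry also omits the affected version range, which the preceding entry does give (introduced 1998-11-27, first seen in release 4.6.8). Adding the same information here would let operators tell whether their installation is exposed. Finally, "for instance, a To: header in -v -v verbose mode" leaves open whether blobs over 2048 bytes can be logged at other verbosity levels. State explicitly whether the crash is reachable only with -v -v, since that decides whether lowering verbosity is a usable workaround until the upgrade.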