From 9ad747acc03b6184bfa1387caad0044e5296439e Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sat, 14 Apr 2018 20:39:39 +0200 Subject: Prevent buffer overruns in do_gssauth() with long user names. Reported in private by Greg Hudson. --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index a9ef33b6..d910c19d 100644 --- a/NEWS +++ b/NEWS @@ -88,6 +88,10 @@ fetchmail-6.4.0 (not yet released): in favour of another configuration option that makes the insecurity in using this option clearer. +## SECURITY FIXES +* Fetchmail prevents buffer overruns in GSSAPI authentication with user names + beyond c. 6000 characters in length. Reported by Greg Hudson. + ## CHANGES * fetchmail 6.3.X is unsupported. * fetchmail now requires OpenSSL v1.0.2 or newer. -- cgit v1.2.3
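Review bot: The added SECURITY FIXES entry in NEWS gives the trigger only as "user names beyond c. 6000 characters" and does not name the affected code path or say which releases are exposed, so a packager reading NEWS alone cannot tell whether a backport is needed. Consider naming do_gssauth() (as the subject line does) and stating the affected version range in the entry. If the limit follows from a fixed buffer size, quoting that size would be more useful than the approximate figure. The code change itself is not visible in this NEWS-only view, so the length check needs to be reviewed in the companion diff.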