From d7db335df7367b96b094e8b886c161f4de11f525 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Mon, 17 Aug 2009 17:16:35 +0000
Subject: Fix free() of unallocated memory on intact/non-verbose
 SSL-connections.

Problem was improper scoping of xfree(tt). Patch courtesy of Thomas Heinz.
Fixes Gentoo bug #280760.

svn path=/branches/BRANCH_6-3/; revision=5415
---
 NEWS | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 8b3c074a..abf07101 100644
--- a/NEWS
+++ b/NEWS
@@ -51,6 +51,15 @@ removed from a 6.4.0 or newer release.)
 
 fetchmail 6.3.12 (released XXXX-XX-XX - not yet):
 
+# REGRESSION FIXES
+* The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
+  unallocated memory on SSL connections, which caused crashes or program aborts
+  on some systems (depending on how initialization and free() of unallocated
+  memory is handled in compiler and libc).
+  Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
+  This regression affected only the 6.3.11 release, but not the patch that was
+  part of the security announcement fetchmail-SA-2009-01.
+
 # TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
 * [ca]    Catalan (Ernest Adrogué Calveras)
 * [cs]    Czech (Petr Pisar)
-- 
cgit v1.2.3