From ec06293134b85876f9201d8a52b844c41581b2b3 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 18 Apr 2010 18:01:38 +0200 Subject: SECURITY FIX: DoS on EILSEQ in report_*() in -vv and multibyte-locales. --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 223811ad..802309cf 100644 --- a/NEWS +++ b/NEWS @@ -54,6 +54,14 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.17 (not yet released): +# SECURITY FIX +* Fetchmail before release 6.3.17 did not properly sanitize external input + (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, + this could cause memory exhaustion and thus a denial of service, because + fetchmail's report.c functions assumed that non-success of [v]snprintf was + due to insufficient buffer size allocation. It would then repeatedly reallocate + a larger buffer and fail formatting again. See fetchmail-SA-2010-02.txt. + # REGRESSION FIX * Fix string handling in rcfile scanner, which caused fetchmail to misparse a run control file in certain circumstances. Fixes BerliOS bug #14257. -- cgit v1.2.3
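Review bot: The new SECURITY FIX entry in NEWS omits the -vv condition that the commit subject names ("DoS on EILSEQ in report_*() in -vv and multibyte-locales"), so someone reading NEWS alone cannot judge whether their configuration is exposed. Suggest stating it in the sentence that introduces the locale condition, for example "When fetchmail was run with -v -v in a multibyte locale (such as UTF-8), this could cause memory exhaustion ...". The entry also says "multi-character locale" where the subject says "multibyte-locales"; pick one term, preferably "multibyte", and use it in both places. Finally, the text explains the faulty assumption about [v]snprintf failure but not that the failure in question is EILSEQ, which only the subject mentions; naming it in the entry would make the entry self-contained alongside the pointer to fetchmail-SA-2010-02.txt.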