Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=df546faaf196e0d3b12c55a2ac64617d921163d9
commit df546faaf196e0d3b12c55a2ac64617d921163d9 Author: Miklos Vajna <vmik...@frugalware.org> Date: Tue Apr 27 13:48:13 2010 +0200 FSA667-fetchmail diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index f06a6d8..a7bbd02 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,17 @@ <fsas> <fsa> + <id>667</id> + <date>2010-04-27</date> + <author>Miklos Vajna</author> + <package>fetchmail</package> + <vulnerable>6.3.13-1</vulnerable> + <unaffected>6.3.16-1locris1</unaffected> + <bts>http://bugs.frugalware.org/task/4195</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167</cve> + <desc>Fetchmail did not properly sanitize external input (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, this could cause memory exhaustion and thus a denial of service, because fetchmail's report.c functions assumed that non-success of [v]snprintf was due to insufficient buffer size allocation. It would then repeatedly reallocate a larger buffer and fail formatting again.</desc> + </fsa> + <fsa> <id>666</id> <date>2010-04-26</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git