aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authormandree <mandree@FreeBSD.org>2010-02-12 17:56:30 +0800
committermandree <mandree@FreeBSD.org>2010-02-12 17:56:30 +0800
commitb0c6c212a85d99c106cd58fa49e9c4cfd97429cf (patch)
tree85db714bbfdb303ae653fd1c3355cffd859bb7e4 /security
parent348f1fea41be2b31ca2d1d713b5fb5ba78d67382 (diff)
downloadfreebsd-ports-gnome-b0c6c212a85d99c106cd58fa49e9c4cfd97429cf.tar.gz
freebsd-ports-gnome-b0c6c212a85d99c106cd58fa49e9c4cfd97429cf.tar.zst
freebsd-ports-gnome-b0c6c212a85d99c106cd58fa49e9c4cfd97429cf.zip
Add CVE-2010-0562 entry for mail/fetchmail.
Approved by: miwi (mentor).
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml35
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7302fba056e6..c58acab5f05a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2a6a966f-1774-11df-b5c1-0026189baca3">
+ <topic>fetchmail -- heap overflow on verbose X.509 display</topic>
+ <affects>
+ <package>
+ <name>fetchmail</name>
+ <range><ge>6.3.11</ge></range>
+ <range><lt>6.3.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthias Andree reports:</p>
+ <blockquote cite="http://www.fetchmail.info/fetchmail-SA-2010-01.txt">
+ <p>In verbose mode, fetchmail prints X.509 certificate subject and
+ issuer information to the user, and counts and allocates a malloc()
+ buffer for that purpose.</p>
+ <p>If the material to be displayed contains characters with high bit
+ set and the platform treats the "char" type as signed, this can cause
+ a heap buffer overrun because non-printing characters are escaped as
+ \xFF..FFnn, where nn is 80..FF in hex.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>38088</bid>
+ <cvename>CVE-2010-0562</cvename>
+ <url>http://www.fetchmail.info/fetchmail-SA-2010-01.txt</url>
+ <mlist msgid="20100205014643.GA25506@merlin.emma.line.org">https://lists.berlios.de/pipermail/fetchmail-announce/2010-February/000073.html</mlist>
+ </references>
+ <dates>
+ <discovery>2010-02-04</discovery>
+ <entry>2010-02-12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="bb0a8795-15dc-11df-bf0a-002170daae37">
<topic>wireshark -- LWRES vulnerability</topic>
<affects>