author | mandree <mandree@FreeBSD.org> | 2010-02-12 17:56:30 +0800 |
---|---|---|
committer | mandree <mandree@FreeBSD.org> | 2010-02-12 17:56:30 +0800 |
commit | b0c6c212a85d99c106cd58fa49e9c4cfd97429cf (patch) | |
tree | 85db714bbfdb303ae653fd1c3355cffd859bb7e4 /security | |
parent | 348f1fea41be2b31ca2d1d713b5fb5ba78d67382 (diff) | |
Add CVE-2010-0562 entry for mail/fetchmail.
Approved by: miwi (mentor).
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 7302fba056e6..c58acab5f05a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2a6a966f-1774-11df-b5c1-0026189baca3"> + <topic>fetchmail -- heap overflow on verbose X.509 display</topic> + <affects> + <package> + <name>fetchmail</name> + <range><ge>6.3.11</ge></range> + <range><lt>6.3.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Matthias Andree reports:</p> + <blockquote cite="http://www.fetchmail.info/fetchmail-SA-2010-01.txt"> + <p>In verbose mode, fetchmail prints X.509 certificate subject and + issuer information to the user, and counts and allocates a malloc() + buffer for that purpose.</p> + <p>If the material to be displayed contains characters with high bit + set and the platform treats the "char" type as signed, this can cause + a heap buffer overrun because non-printing characters are escaped as + \xFF..FFnn, where nn is 80..FF in hex.</p> + </blockquote> + </body> + </description> + <references> + <bid>38088</bid> + <cvename>CVE-2010-0562</cvename> + <url>http://www.fetchmail.info/fetchmail-SA-2010-01.txt</url> + <mlist msgid="20100205014643.GA25506@merlin.emma.line.org">https://lists.berlios.de/pipermail/fetchmail-announce/2010-February/000073.html</mlist> + </references> + <dates> + <discovery>2010-02-04</discovery> + <entry>2010-02-12</entry> + </dates> + </vuln> + <vuln vid="bb0a8795-15dc-11df-bf0a-002170daae37"> <topic>wireshark -- LWRES vulnerability</topic> <affects> |
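Review bot: In the fetchmail `<package>` block the lower and upper bounds are written as two separate `<range>` elements, `<range><ge>6.3.11</ge></range>` and `<range><lt>6.3.14</lt></range>`. Separate ranges inside one VuXML package are alternatives, so as written the entry matches any version that is either >= 6.3.11 or < 6.3.14. That is every fetchmail version, including 6.3.14 and later, which the upper bound is meant to exclude, so audit tools would keep flagging updated installs. Both bounds belong in a single range: `<range><ge>6.3.11</ge><lt>6.3.14</lt></range>`.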