X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail-SA-2006-01.txt;h=672b5510b24e1d60993fe924afbb8a27e46d04a5;hb=03a31a4771efd7e48256ac0d7d2442f5e6bc381f;hp=d929c6b5077fa5ffa7f16f24de850a999f8430e5;hpb=33280d2b96b4010645c5e0a5f9e892ca9fddc1d0;p=~andy%2Ffetchmail diff --git a/fetchmail-SA-2006-01.txt b/fetchmail-SA-2006-01.txt index d929c6b5..672b5510 100644 --- a/fetchmail-SA-2006-01.txt +++ b/fetchmail-SA-2006-01.txt @@ -1,35 +1,43 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2006-01: crash when bouncing messages. Topics: #1 crash when bouncing a message #2 fetchmail 6.2.5.X end of life Author: Matthias Andree -Version: XXX -Announced: XXX +Version: 1.1 +Announced: 2006-01-22 Type: free() with bogus pointer Impact: fetchmail crashes Danger: low Credits: Nathaniel W. Turner (bug report) -CVE Name: XXX +CVE Name: CVE-2006-0321 URL: http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt http://bugs.debian.org/348747 Project URL: http://fetchmail.berlios.de/ -Affects: fetchmail version 6.3.0 - fetchmail version 6.3.1 +Affects: fetchmail release >= 6.3.0 + fetchmail release < 6.3.2 + fetchmail release candidates 6.3.2-rc1, -rc2 and -rc3 -Not affected: fetchmail 6.3.2 - fetchmail 6.2.5.5 +Not affected: fetchmail release candidate 6.3.2-rc4 + fetchmail release 6.3.2 other versions not mentioned here or in the previous sections have not been checked -Corrected: XXX +Corrected: 2006-01-19 fetchmail 6.3.2-rc4 + 2006-01-22 fetchmail 6.3.2 0. Release history ================== 2006-01-19 internal review draft +2006-01-20 add CVE ID +2006-01-22 release 1.0 +2006-01-25 release 1.1, add fetchmail 6.3.2 to "Not affected" above. 1. Background @@ -48,12 +56,11 @@ control) files for fetchmail. ================================= Fetchmail contains a bug that causes itself to crash when bouncing a -message to the originator or to the local postmaster. Fetchmail crashes -when trying to free the dynamic array of failed addresses, and calls the -free() function with an invalid pointer. - -Note that such messages are not RFC-822 conformant, so if the server has -not been tampered with, the server software is faulty. +message to the originator or to the local postmaster. The crash happens +after the bounce message has been sent, when fetchmail tries to free the +dynamic array of failed addresses, and calls the free() function with an +invalid pointer. This bug was introduced short before fetchmail 6.3.0 +and is not present in the now discontinued 6.2.X series (see below). 3. Workaround @@ -77,7 +84,8 @@ The aged fetchmail 6.2.5.X branch is discontinued effective immediately. No further releases from the 6.2.5.X branch will be made. The new 6.3.X stable branch has been available since 2005-11-30 -and will not change except for bugfixes, documentation and translations. +and will not change except for bugfixes, documentation and message +translations. A. Copyright, License and Warranty @@ -86,13 +94,28 @@ A. Copyright, License and Warranty (C) Copyright 2006 by Matthias Andree, . Some rights reserved. -This work is licensed under the Creative Commons -Attribution-NonCommercial-NoDerivs German License. To view a copy of -this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/ -or send a letter to Creative Commons; 559 Nathan Abbott Way; -Stanford, California 94305; USA. +This work is licensed under the +Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0). + +To view a copy of this license, visit +http://creativecommons.org/licenses/by-nd/3.0/de/deed.en +or send a letter to: + +Creative Commons +444 Castro Street +Suite 900 +MOUNTAIN VIEW, CALIFORNIA 94041 +USA THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2006-01.txt + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZVnOgCfVyOBUSVgRSjBtqzjaLwKEg0K +30YAoJiFeNUcNBO3oKfq5rMdSEeNAfGP +=Gvze +-----END PGP SIGNATURE-----