X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail-SA-2008-01.txt;h=025e5b66fb597c3f092c89f27fea20b6feec4064;hb=9aa6e502b5efa72e564721c79285058f90dc688e;hp=6fbf15e4217c779694a3687eba247609e31055f5;hpb=94b3f4fdb0d14c01444cf02389511d9a45b6e1e1;p=~andy%2Ffetchmail
diff --git a/fetchmail-SA-2008-01.txt b/fetchmail-SA-2008-01.txt
index 6fbf15e4..025e5b66 100644
--- a/fetchmail-SA-2008-01.txt
+++ b/fetchmail-SA-2008-01.txt
@@ -6,9 +6,9 @@ fetchmail-SA-2008-01: Crash on large log messages in verbose mode
 Topics: Crash in large log messages in verbose mode.
 Author: Matthias Andree
-Version: 1.0
+Version: 1.2
 Announced: 2008-06-17
-Type: Dereferencing garbage pointer trigged by outside circumstances
+Type: Dereferencing garbage pointer triggered by outside circumstances
 Impact: denial of service possible
 Danger: low
 CVSS V2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)
@@ -18,12 +18,14 @@ CVE Name: CVE-2008-2711
 URL: http://www.fetchmail.info/fetchmail-SA-2008-01.txt
 Project URL: http://www.fetchmail.info/
-Affects: fetchmail release < 6.3.9 exclusively
+Affects: fetchmail release before and excluding 6.3.9
+ fetchmail release candidate 6.3.9-rc1
 Not affected: fetchmail release 6.3.9 and newer
- systems without varargs (stdargs.h) support.
+ fetchmail release candidate 6.3.9-rc2 and newer
+ systems without varargs support.
-Corrected: 2008-06-13 fetchmail SVN (rev 5193)
+Corrected: 2008-06-24 fetchmail SVN (rev 5205)
 References:
@@ -35,6 +37,8 @@ References:
 2008-06-13 1.0 first draft for MITRE/CVE (visible in SVN, posted to oss-security)
 2008-06-17 1.0 published on http://www.fetchmail.info/
+2008-06-17 1.1 Corrected typo in Type: above (trigged -> triggered)
+2008-06-24 1.2 also fixed issue in report_complete (reported by Petr Uzel)
 1. Background
@@ -105,22 +109,36 @@ A. Copyright, License and Warranty
 (C) Copyright 2008 by Matthias Andree, . Some rights reserved.
-This work is licensed under the Creative Commons
-Attribution-NonCommercial-NoDerivs German License. To view a copy of
-this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
-or send a letter to Creative Commons; 559 Nathan Abbott Way;
-Stanford, California 94305; USA.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+
+To view a copy of this license, visit
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:
+
+Creative Commons
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
+USA
 THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk.
-
 B. Patch to remedy the problem
 ==============================
+Note that when taking this from a GnuPG clearsigned file, the lines
+starting with a "-" character are prefixed by another "- " (dash +
+blank) combination. Either feed this file through GnuPG to strip them,
+or strip them manually.
+
+Whitespace differences can usually be ignored by invoking "patch -l",
+so try this if the patch does not apply.
+
 diff --git a/report.c b/report.c
-index 31d4e48..2a731ac 100644
+index 31d4e48..320e60b 100644
 - --- a/report.c
 +++ b/report.c
 @@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_alist)
@@ -150,12 +168,35 @@ index 31d4e48..2a731ac 100644
 #else
 for ( ; ; )
 {
+@@ -304,12 +309,13 @@ report_complete (FILE *errfp, message, va_alist)
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- - VA_START (args, message);
+ for ( ; ; )
+ {
++ VA_START(args, message);
+ n = vsnprintf (partial_message + partial_message_size_used,
+ partial_message_size - partial_message_size_used,
+ message, args);
++ va_end(args);
+
+ /* old glibc versions return -1 for truncation */
+ if (n >= 0
+@@ -322,7 +328,6 @@ report_complete (FILE *errfp, message, va_alist)
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- - va_end (args);
+ #else
+ for ( ; ; )
+ {
 END OF fetchmail-SA-2008-01.txt
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.5 (GNU/Linux)
+Version: GnuPG v1.4.11 (GNU/Linux)
-iD8DBQFIV7WYvmGDOQUufZURAs7/AJ49LCd2q34puZHNe4GxcXnsOtB8DQCg7mth
-BUgZUxZxPInU60c9rNFbOm8=
-=yg6v
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZVbTACeOfZU3NVlDF675SDiVqPL4uAl
+fsgAoMEqf6cpav6sDdEobMHV3UzHSOJV
+=uvVR
 -----END PGP SIGNATURE-----