X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail-SA-2010-02.txt;h=f1c17b75b3368f29b22745f8583d49da10818d96;hb=87bcf29364c4640edb87cc2186b965d1a564d70c;hp=d7bf9b3a346a36b0bac7ec81e66d9bcc96f44070;hpb=2d2f657c1c695771cbd6de495b6d306c5fddb2f5;p=~andy%2Ffetchmail diff --git a/fetchmail-SA-2010-02.txt b/fetchmail-SA-2010-02.txt index d7bf9b3a..f1c17b75 100644 --- a/fetchmail-SA-2010-02.txt +++ b/fetchmail-SA-2010-02.txt @@ -1,18 +1,21 @@ -- DRAFT - XXX - DRAFT - +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 fetchmail-SA-2010-02: Denial of service in debug mode w/ multichar locales -Topics: Denial of service in debug output. +Topics: Denial of service in debug output Author: Matthias Andree -Version: 0.4 XXX -Announced: XXX -Type: Unbounded allocation of memory until exhaustion. -Impact: Denial of service. +Version: 1.0 +Announced: 2010-05-06 +Type: Unbounded allocation of memory until exhaustion +Impact: Denial of service Danger: low CVE Name: CVE-2010-1167 -CVSSv2: XXX +CVSSv2: (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C) +CVSS scores: 3.2, Base 4.3 (Impact 2.9, Exploitability 8.6), Temporal 3.2 + This is calculated without Environmental Score. URL: http://www.fetchmail.info/fetchmail-SA-2010-02.txt Project URL: http://www.fetchmail.info/ @@ -20,7 +23,13 @@ Affects: fetchmail releases 4.6.3 up to and including 6.3.16 Not affected: fetchmail release 6.3.17 and newer -Corrected: 2010-04-24 Git (XXX) +Corrected: 2010-04-24 Git, required commits: + 167fa2093e82f891eb2fcb6eaa0b1eb3685f44e3 + ec06293134b85876f9201d8a52b844c41581b2b3 + + 2010-04-30 fetchmail 6.3.17-pre1 tarball + + 2010-05-06 fetchmail 6.3.17 release tarball 0. Release history 
@@ -28,10 +37,10 @@ Corrected: 2010-04-24 Git (XXX) 2010-04-18 0.1 first draft (visible in SVN and through oss-security) 2010-04-19 0.2 add note announcements may appear before releases -2010-04-20 0.3 add CVE name, fix Type: -2010-04-24 0.4 revise patch -2010-04-29 0.5 add info on contributing/mitigating factors -XXX +2010-04-20 0.3 add CVE name, fix Type: +2010-04-24 0.4 revise patch +2010-04-29 0.5 add info on contributing/mitigating factors +2010-05-06 1.0 complete 1. Background @@ -96,15 +105,17 @@ A. Copyright, License and Warranty (C) Copyright 2010 by Matthias Andree, . Some rights reserved. -This work is licensed under the Creative Commons -Attribution-Noncommercial-No Derivative Works 3.0 Germany License. +This work is licensed under the +Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0). + To view a copy of this license, visit -http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to +http://creativecommons.org/licenses/by-nd/3.0/de/deed.en +or send a letter to: Creative Commons -171 Second Street -Suite 300 -SAN FRANCISCO, CALIFORNIA 94105 +444 Castro Street +Suite 900 +MOUNTAIN VIEW, CALIFORNIA 94041 USA @@ -125,7 +136,7 @@ so try this if the patch does not apply. diff --git a/rfc822.c b/rfc822.c index 6f2dbf3..dbcda32 100644 ---- a/rfc822.c +- --- a/rfc822.c +++ b/rfc822.c @@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator. #include @@ -139,9 +150,9 @@ index 6f2dbf3..dbcda32 100644 } #ifndef MAIN -- if (outlevel >= O_DEBUG) -- report_build(stdout, GT_("About to rewrite %.*s...\n"), -- (int)BEFORE_EOL(buf), buf); +- - if (outlevel >= O_DEBUG) +- - report_build(stdout, GT_("About to rewrite %.*s...\n"), +- - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp); 
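Review bot: The embedded patch now carries clearsign dash-escaping, starting at `- --- a/rfc822.c` in the `@@ -125,7 +136,7 @@` hunk and continuing on every removed line (`- - if (outlevel >= O_DEBUG)` and similar) through the later rfc822.c and uid.c hunks, so the patch as stored in this file will not apply with `patch` or `git apply`. The nearby sentence "so try this if the patch does not apply" does not appear to cover this case, though the rest of that paragraph is outside the hunk. I would add a line next to it such as `Note: verify and unwrap this signed advisory with "gpg --decrypt" before applying the patch; the signature escapes lines that begin with "-".` Unwrapping also checks the signature, so the fix is applied from verified text rather than from a hand-edited copy.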
@@ -153,9 +164,9 @@ index 6f2dbf3..dbcda32 100644 } #ifndef MAIN -- if (outlevel >= O_DEBUG) -- report_complete(stdout, GT_("...rewritten version is %.*s.\n"), -- (int)BEFORE_EOL(buf), buf); +- - if (outlevel >= O_DEBUG) +- - report_complete(stdout, GT_("...rewritten version is %.*s.\n"), +- - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_complete(stdout, GT_("...rewritten version is %s.\n"), + (cp = sdump(buf, BEFORE_EOL(buf)))); @@ -167,7 +178,7 @@ index 6f2dbf3..dbcda32 100644 return(buf); diff --git a/uid.c b/uid.c index fdc6f5d..9a62ee2 100644 ---- a/uid.c +- --- a/uid.c +++ b/uid.c @@ -20,6 +20,7 @@ @@ -181,8 +192,8 @@ index fdc6f5d..9a62ee2 100644 { report_build(stdout, GT_("Old UID list from %s:"), ctl->server.pollname); -- for (idp = ctl->oldsaved; idp; idp = idp->next) -- report_build(stdout, " %s", idp->id); +- - for (idp = ctl->oldsaved; idp; idp = idp->next) +- - report_build(stdout, " %s", idp->id); + for (idp = ctl->oldsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s", t); @@ -195,8 +206,8 @@ index fdc6f5d..9a62ee2 100644 if (uidlcount) { report_build(stdout, GT_("Scratch list of UIDs:")); -- for (idp = scratchlist; idp; idp = idp->next) -- report_build(stdout, " %s", idp->id); +- - for (idp = scratchlist; idp; idp = idp->next) +- - report_build(stdout, " %s", idp->id); + for (idp = scratchlist; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s", t); 
@@ -209,8 +220,8 @@ index fdc6f5d..9a62ee2 100644 report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); else report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname); -- for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) -- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); +- - for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) +- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); @@ -223,8 +234,8 @@ index fdc6f5d..9a62ee2 100644 /* this is now a merged list! the mails which were seen in this * poll are marked here. */ report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); -- for (idp = ctl->oldsaved; idp; idp = idp->next) -- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); +- - for (idp = ctl->oldsaved; idp; idp = idp->next) +- - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = ctl->oldsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); @@ -233,3 +244,10 @@ index fdc6f5d..9a62ee2 100644 if (!idp) report_build(stdout, GT_(" ")); report_complete(stdout, "\n"); +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZVpfQCcD3U6m1MbJOFZV4FgI7e042vF +HcEAn0j6ZFwp9dh2G7PJSkN9CM0XazyJ +=JUs1 +-----END PGP SIGNATURE-----
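Review bot: The signature block added in the `@@ -233,3 +244,10 @@` hunk pairs with the `Hash: SHA1` header added at the top of the file, so the integrity of the advisory and its embedded patch rests on a SHA-1 digest. SHA-1 is no longer considered collision resistant. If the advisory is ever re-issued, re-signing it with a SHA-2 digest would be worthwhile. I would also state the signing key's full fingerprint in the advisory text or on the project page, so readers can tell which key is expected to verify it.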