Fix typo repsonsible -> responsible.

[~andy/fetchmail] / fetchmail-SA-2010-01.txt

diff --git a/fetchmail-SA-2010-01.txt b/fetchmail-SA-2010-01.txt
index 7abc2211135c427fec66a461dca8569e30af7238..0d75e88a72ccd330161fda99ba18fbe28b34f967 100644 (file)
--- a/fetchmail-SA-2010-01.txt
+++ b/fetchmail-SA-2010-01.txt
@@ -1,16 +1,19 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 fetchmail-SA-2010-01: Heap overrun in verbose SSL cert' info display.
 
 Topics:                Heap overrun in verbose SSL certificate information display.
 
 Author:                Matthias Andree
 Version:       1.0
-Announced:
+Announced:     2010-02-05
 Type:          malloc() Buffer overrun with printable characters
 Impact:                Code injection (difficult).
 Danger:                low
-CVSSv2 vectors:
 
-CVE Name:
+CVE Name:      CVE-2010-0562
+CVSSv2:                (AV:N/AC:H/Au:N/C:N/I:C/A:P/E:U/RL:O/RC:C) proposed
 URL:           http://www.fetchmail.info/fetchmail-SA-2010-01.txt
 Project URL:   http://www.fetchmail.info/
 
@@ -19,12 +22,16 @@ Affects:    fetchmail releases 6.3.11, 6.3.12, and 6.3.13
 Not affected:  fetchmail release 6.3.14 and newer
 
 Corrected:     2010-02-04 fetchmail SVN (r5467)
+                          Git (f1c7607615ebd48807db6170937fe79bb89d47d4)
+               2010-02-05 fetchmail release 6.3.14
 
 
 0. Release history
 ==================
 
-2010-02-04 0.1 first draft (visible in SVN)
+2010-02-04 0.1 first draft (visible in SVN and through oss-security)
+2010-02-05 1.0 fixed signed/unsigned typo (found by Nico Golde)
+2010-02-09 1.1 added CVE/CVSS, Announced: date
 
 
 1. Background
@@ -50,14 +57,14 @@ buffer overrun because non-printing characters are escaped as
 \xFF..FFnn, where nn is 80..FF in hex.
 
 This might be exploitable to inject code if
-- fetchmail is run in verbose mode
+- - fetchmail is run in verbose mode
 AND
-- the host running fetchmail considers char signed
+- - the host running fetchmail considers char signed
 AND
-- the server uses malicious certificates with non-printing characters
+- - the server uses malicious certificates with non-printing characters
   that have the high bit set
 AND
-- these certificates manage to inject shell-code that consists purely of
+- - these certificates manage to inject shell-code that consists purely of
   printable characters.
 
 It is believed to be difficult to achieve all this.
@@ -88,15 +95,17 @@ A. Copyright, License and Warranty
 (C) Copyright 2010 by Matthias Andree, <matthias.andree@gmx.de>.
 Some rights reserved.
 
-This work is licensed under the Creative Commons
-Attribution-Noncommercial-No Derivative Works 3.0 Germany License.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+
 To view a copy of this license, visit
-http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:
 
 Creative Commons
-171 Second Street
-Suite 300
-SAN FRANCISCO, CALIFORNIA 94105
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
 USA
 
 
@@ -115,16 +124,23 @@ or strip them manually. You may want to use the "-p1" flag to patch.
 Whitespace differences can usually be ignored by invoking "patch -l",
 so try this if the patch does not apply.
 
---- a/sdump.c
+- --- a/sdump.c
 +++ b/sdump.c
 @@ -36,7 +36,7 @@ char *sdump(const char *in, size_t len)
        if (isprint((unsigned char)in[i])) {
            *(oi++) = in[i];
        } else {
--          oi += sprintf(oi, "\\x%02X", in[i]);
+- -        oi += sprintf(oi, "\\x%02X", in[i]);
 +          oi += sprintf(oi, "\\x%02X", (unsigned char)in[i]);
        }
      }
      *oi = '\0';
 
 END OF fetchmail-SA-2010-01.txt
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZX0pACg7jUxqFQzdhdVDXk/izXBNkfg
+ZBgAnAhDK4mYPoCzoiaJhEHM6rET4W+v
+=AX1N
+-----END PGP SIGNATURE-----