Author: Matthias Andree
Version: 1.0
-Announced:
+Announced: 2010-02-05
Type: malloc() Buffer overrun with printable characters
Impact: Code injection (difficult).
Danger: low
-CVE Name: to be assigned via oss-security@ list
+CVE Name: CVE-2010-0562
+CVSSv2: (AV:N/AC:H/Au:N/C:N/I:C/A:P/E:U/RL:O/RC:C) proposed
URL: http://www.fetchmail.info/fetchmail-SA-2010-01.txt
Project URL: http://www.fetchmail.info/
Not affected: fetchmail release 6.3.14 and newer
Corrected: 2010-02-04 fetchmail SVN (r5467)
+ Git (f1c7607615ebd48807db6170937fe79bb89d47d4)
2010-02-05 fetchmail release 6.3.14
2010-02-04 0.1 first draft (visible in SVN and through oss-security)
2010-02-05 1.0 fixed signed/unsigned typo (found by Nico Golde)
+2010-02-09 1.1 added CVE/CVSS, Announced: date
1. Background
(C) Copyright 2010 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.
-This work is licensed under the Creative Commons
-Attribution-Noncommercial-No Derivative Works 3.0 Germany License.
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
+
To view a copy of this license, visit
-http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to
+http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
+or send a letter to:
Creative Commons
-171 Second Street
-Suite 300
-SAN FRANCISCO, CALIFORNIA 94105
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
USA
END OF fetchmail-SA-2010-01.txt
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.12 (GNU/Linux)
+Version: GnuPG v1.4.11 (GNU/Linux)
-iEYEARECAAYFAktrbs0ACgkQvmGDOQUufZWzMQCg49F/WJiOjGwWZKHHzBcfTgx/
-sLIAmQHPO3mezy3Ku0O29b4AXHL2ZQNb
-=kF7s
+iEYEARECAAYFAk9/Yg4ACgkQvmGDOQUufZX0pACg7jUxqFQzdhdVDXk/izXBNkfg
+ZBgAnAhDK4mYPoCzoiaJhEHM6rET4W+v
+=AX1N
-----END PGP SIGNATURE-----