fetchmail

rpm/fetchmail

SHA256

Fork 0

forked from pool/fetchmail

Commit Graph

Author	SHA256	Message	Date
Dirk Stoecker	79e260e2ae	Accepting request 909104 from home:pmonrealgonzalez:branches:server:mail - Update to 6.4.20: [bsc#1188875, CVE-2021-36386] * CVE-2021-36386: DoS or information disclosure in some configurations. When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation. fetchmail then reallocates memory and re-runs vsnprintf() without another call to va_start(), so it reads garbage. The exact impact depends on many factors around the compiler and operating system configurations used and the implementation details of the stdarg.h interfaces of the two functions mentioned before. OBS-URL: https://build.opensuse.org/request/show/909104 OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=117	2021-08-03 08:51:27 +00:00

Author

SHA256

Message

Date

Dirk Stoecker

79e260e2ae

Accepting request 909104 from home:pmonrealgonzalez:branches:server:mail

- Update to 6.4.20: [bsc#1188875, CVE-2021-36386]
  * CVE-2021-36386: DoS or information disclosure in some configurations.
    When a log message exceeds c. 2 kByte in size, for instance,
    with very long header contents, and depending on verbosity
    option, fetchmail can crash or misreport each first log message
    that requires a buffer reallocation. fetchmail then reallocates
    memory and re-runs vsnprintf() without another call to va_start(),
    so it reads garbage. The exact impact depends on many factors
    around the compiler and operating system configurations used and
    the implementation details of the stdarg.h interfaces of the two
    functions mentioned before.

OBS-URL: https://build.opensuse.org/request/show/909104
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=117

2021-08-03 08:51:27 +00:00

1 Commits