Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 307761 (CVE-2010-0562) - <net-mail/fetchmail-6.3.14 X.509-related heap overflow in verbose mode (CVE-2010-0562)
Summary: <net-mail/fetchmail-6.3.14 X.509-related heap overflow in verbose mode (CVE-2...
Status: RESOLVED FIXED
Alias: CVE-2010-0562
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://www.fetchmail.info/fetchmail-S...
Whiteboard: C2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-04 12:02 UTC by Alex Legler (RETIRED)
Modified: 2010-06-02 21:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-04 12:02:45 UTC
CVE-2010-0562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0562):
  The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and
  6.3.13, when running in verbose mode on platforms for which char is
  signed, allows remote attackers to cause a denial of service
  (application crash) or possibly execute arbitrary code via an SSL
  X.509 certificate containing non-printable characters with the high
  bit set, which triggers a heap-based buffer overflow during escaping.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-04 12:20:21 UTC
Can we go stable with 6.3.14?
Comment 2 Torsten Veller (RETIRED) gentoo-dev 2010-03-04 13:15:16 UTC
(In reply to comment #1)
> Can we go stable with 6.3.14?

Yes. Please stabilize =net-mail/fetchmail-6.3.14
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2010-03-04 13:43:50 UTC
x86 stable
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2010-03-04 19:42:34 UTC
alpha/arm/ia64/s390/sh/sparc stable
Comment 5 Markus Meier gentoo-dev 2010-03-07 15:37:23 UTC
  05 Mar 2010; Torsten Veller <tove@gentoo.org> fetchmail-6.3.14.ebuild:
  Stable on amd64 (#307761)
Comment 6 Brent Baude (RETIRED) gentoo-dev 2010-03-08 19:45:25 UTC
ppc64 done
Comment 7 Joe Jezak (RETIRED) gentoo-dev 2010-03-09 22:13:13 UTC
Marked ppc stable.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2010-03-10 11:08:35 UTC
Stable for HPPA.
Comment 9 Torsten Veller (RETIRED) gentoo-dev 2010-03-29 15:35:13 UTC
All arches done
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-29 22:13:25 UTC
Thanks everyone, GLSA request filed.
Comment 11 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-06-02 21:23:22 UTC
GLSA 201006-12