Leafnode

File Release Notes and Changelog

Release Name: 1.9.48.rel

Notes:
### SECURITY BUGFIX
- Fetchnews: when a. minlines=0 (default) and b. delaybody=0 (default) and
  either c. no filterfile is configured (default) or a. and b. and d.
  article_despite_filter=1 are configured, an article with missing mandatory
  headers and without body can hang fetchnews and/or prevent the fetch of
  further articles from the current group or server.
  Reported by Toni Viemerö, SourceForge bug 873149.
  This was a denial-of-service bug, not one that could lead to local or remote
  privilege escalation.

### BUGFIX
- Fetchnews: log group name when articles are skipped that match the minlines,
  maxlines, maxbytes or age filters, for more consistent logging.

### CHANGES
- Rebuilt with autoconf 2.59.


Changes:
2004-01-09  Matthias Andree <matthias.andree@gmx.de>

	=== RELEASE 1.9.48.rel ===
	* fetchnews.c: Security fix: Do not call ignore_answer() when the
	header ends prematurely (i. e. server sends CRLF.CRLF before the
	blank line), this causes fetchnews to lock up and prevents any
	further articles to be fetched from that server. Workaround:
	minlines=1 (or some bigger value) in config file.  Reported by Toni
	Viemerö, SourceForge.net bug #873149, 2004-01-08.
	Log group name for killed articles.