fetchmail 6.3.4-1ubuntu4.2 source package in Ubuntu
Changelog
fetchmail (6.3.4-1ubuntu4.2) edgy-security; urgency=low
* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
send certain warning messages
* added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
attackers may be able to acquire a portion of a user's authentication
credentials using man-in-the-middle techniques.
* added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's
limitations as well as updating pop3.c to more strictly validate the
presented challenge for RFC-822 conformity. This change to pop3.c does
not fix the APOP design flaw, but does make attacks against APOP somewhat
more difficult.
* References
CVE-2007-4565
CVE-2007-1558
-- Jamie Strandboge <email address hidden> Tue, 25 Sep 2007 10:29:49 -0400
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Edgy
- Original maintainer:
- Fetchmail Maintainers
- Architectures:
- any
- Section:
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| fetchmail_6.3.4.orig.tar.gz | 1.3 MiB | b19dd2e4ea5c12f0917edcf82bdf7af8c7794547c5b3dd9fdb4ba45e73e5e6b4 |
| fetchmail_6.3.4-1ubuntu4.2.diff.gz | 53.6 KiB | e59ccba81d9e952564b5069dd68f960a4ae20a78674e34f8eeecec34664ca5ad |
| fetchmail_6.3.4-1ubuntu4.2.dsc | 765 bytes | 46b94a7981801ae8b6023ceda6fe0b7affaca881efaa7da5ea9d8eec007b6b74 |
Binary packages built by this source
- fetchmail: No summary available for fetchmail in ubuntu edgy.
No description available for fetchmail in ubuntu edgy.
- fetchmailconf: No summary available for fetchmailconf in ubuntu edgy.
No description available for fetchmailconf in ubuntu edgy.
