[22177] in bugtraq
Re: Fetchmail security advisory
daemon@ATHENA.MIT.EDU (Matt Zimmerman)
Thu Aug 9 22:14:20 2001
Date: Thu, 9 Aug 2001 20:40:57 -0400
From: Matt Zimmerman <mdz@debian.org>
To: bugtraq@securityfocus.com
Message-ID: <20010809204057.E9502@alcor.net>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="eMnpOGXCMazMAbfp"
Content-Disposition: inline
In-Reply-To: <20010810000341.C1176@blu>
--eMnpOGXCMazMAbfp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Aug 10, 2001 at 12:03:41AM +0200, antirez wrote:
> VERSION AFFECTED
>=20
> Probably all the fetchmail versions prior (not including) 5.8.17.
Note that Debian fetchmail 5.8.16-1 already includes the
suggested fix:
fetchmail (5.8.16-1) unstable; urgency=3Dhigh
[...]
* SECURITY FIX: fix remote exploit on pop3 and imap protocols; Thanks
to Salvatore Sanfilippo <antirez@invece.org> for reporting the bug
and suggesting a patch to fix it.
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 14 Jul 2001 12:38:26=
-030
--=20
- mdz
--eMnpOGXCMazMAbfp
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7cy2YArxCt0PiXR4RAthRAJ9weTj/0SEyFFnsPveqHSzmtjTLRgCgpX8m
bHRl+MufqnJKuO3K1vaWCdo=
=EXN1
-----END PGP SIGNATURE-----
--eMnpOGXCMazMAbfp--
