From: Matthias A. <mat...@gm...> - 2005-12-19 12:25:17
Greetings,

I am announcing the release of fetchmail 6.2.5.5. This release fixes a denial of service bug/fetchmail crash in multidrop mode, plugs a socket leak when SSL negotiation fails and adds the three security announcements from 2005 that the project issued so far.

The software is available from:
<https://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=8403>

fetchmail-6.2.5.X is a security fix branch that forked off fetchmail-6.2.5. It does not change for anything but security and the most severe bug fixes.

Note this 6.2.5.X branch is going to be discontinued in early 2006, all users are advised to upgrade to the new 6.3.1 fetchmail release instead. There have been very few incompatible changes, most sites should be unaffected. 6.3.1 however fixes dozens of bugs (literally) that 6.2.5.5 still has.

fetchmail 6.3.1 is available from
<https://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=8405>

These are the relevant changes in 6.2.5.5 since (and excluding) 6.2.5.4:

* SECURITY FIX CVE-2005-4348: fix null pointer dereference in multidrop mode when the message is empty. Reported by Daniel Drake <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others (Debian Bug #343836). Fix by Sunil Shetye.
* Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow.
* Add fetchmail-SA-2005-{01,02,03}.txt

Regards,

-- 
Matthias Andree