From: Matthias A. <mat...@gm...> - 2006-01-19 05:09:05

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

a recently reported Debian bug spoiled my plans to have -rc3 as the final
release candidate, but I hope it was the penultimate - to avoid
embarrassment with the final 6.3.2, I've chosen to insert -rc4.

This release candidate fixes a segfault after sending a bounce.

This release candidate (#4) for 6.3.2 is available from
http://mandree.home.pages.de/fetchmail/

I have requested a CVE Id from MITRE to track this problem and will add it
to the security announcement before 6.3.2 release.

Changes in fetchmail 6.3.2-rc4 (from -rc3):

# SECURITY FIX IN THIS RELEASE
* CVE-2006-XXXX: Fix segfault or bus error after bouncing a message.
  This bug was introduced into 6.3.0 when removing alloca(); it caused
  fetchmail to free random memory.
  Reported by Nathaniel W. Turner, Debian Bug#348747.
  See fetchmail-SA-2006-01.txt

# CHANGES RELEVANT TO PACKAGERS:
* Added fetchmail-SA-2006-01.txt to the distribution.

Happy fetchmailing,
Matthias Andree
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFDzxDdvmGDOQUufZURAiVYAJ4q2xxCuGVrxcP+VJ/fronZz7R/twCgsJXS
jVwe62uMCA+5wYN2iIQ5F1Y=
=V2fc
-----END PGP SIGNATURE-----