From: Matthias A. <mat...@gm...> - 2005-12-04 11:51:11
Greetings, dear Ibiblio keepers,

I have just uploaded fetchmail-6.3.0.tar.bz2 and fetchmail.lsm.

I have noticed that the system/mail/pop directory contains both a fetchmail subdirectory and heaps of old fetchmail versions. To the best of my knowledge, all versions prior to 6.2.5.2 have remotely exploitable security bugs in the POP3 UIDL code (older versions may have even more bugs), and all versions prior to 6.2.5.4 (which I am not going to upload unless you ask me to) or 6.3.0 expose the local password while "fetchmailconf" writes the configuration, unless the umask is 077.

The fetchmail_pcre files are safe and should stay. The tarballs and RPM however are unsafe.

I therefore ask you to remove

- the entire system/mail/pop/fetchmail directory and
- these files from the directory system/mail/pop (again, please keep fetchmail_pcre*, someone might want to update it some day):

  fetchmail-5.9.13-1.i386.rpm
  fetchmail-5.9.13-1.src.rpm
  fetchmail-5.9.13.tar.gz
  fetchmail-5.9.14-1.i386.rpm
  fetchmail-5.9.14-1.lsm
  fetchmail-5.9.14-1.src.rpm
  fetchmail-5.9.14.tar.gz
  fetchmail-6.1.0-1.i386.rpm
  fetchmail-6.1.0-1.src.rpm
  fetchmail-6.1.0.tar.gz
  fetchmail-6.1.1-1.i386.rpm
  fetchmail-6.1.1-1.src.rpm
  fetchmail-6.1.1.tar.gz
  fetchmail-6.1.2-1.i386.rpm
  fetchmail-6.1.2-1.src.rpm
  fetchmail-6.1.2.tar.gz
  fetchmail-6.2.2-1.i386.rpm
  fetchmail-6.2.2-1.src.rpm
  fetchmail-6.2.2.tar.gz
  fetchmail-FAQ.html
  fetchmail.README
  fetchmail.lsm

-- 
Matthias Andree
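The password exposure mentioned in the message comes down to how the configuration file is created: a file opened with the default mode inherits whatever the process umask leaves, so only a umask of 077 keeps it private. The following Python snippet is an added illustration, not fetchmail's or fetchmailconf's own code; it contrasts that pattern with creating the file at mode 0600 at open time, using a constructed rc line and a hypothetical exposed_bits check.

```python
import os
import shutil
import stat
import tempfile

# Constructed sample rc line; the host name and password are placeholders.
SAMPLE_RC = "poll pop.example.invalid proto pop3 user 'alice' password 'placeholder'\n"


def write_rc_naive(path, text):
    """Create the file with the default mode (0666 masked by the umask).

    With umask 022 the result is 0644: the password is world-readable.
    """
    with open(path, "w") as f:
        f.write(text)


def write_rc_safe(path, text):
    """Create the file with mode 0600 at open time.

    O_EXCL refuses to clobber an existing file, and the 0600 mode applies
    from the first instant the file exists, independent of the umask.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)


def exposed_bits(path):
    """Return the group/other permission bits; nonzero means others can read it."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077


def demo(umask=0o022):
    """Write both variants under the given umask and report their exposed bits."""
    old = os.umask(umask)
    tmpdir = tempfile.mkdtemp()
    try:
        naive = os.path.join(tmpdir, "fetchmailrc.naive")
        safe = os.path.join(tmpdir, "fetchmailrc.safe")
        write_rc_naive(naive, SAMPLE_RC)
        write_rc_safe(safe, SAMPLE_RC)
        return exposed_bits(naive), exposed_bits(safe)
    finally:
        os.umask(old)
        shutil.rmtree(tmpdir, ignore_errors=True)


if __name__ == "__main__":
    print("umask 022:", [oct(b) for b in demo(0o022)])  # naive 0o44, safe 0o0
    print("umask 077:", [oct(b) for b in demo(0o077)])  # both 0o0
```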