5cc5034daa
For more details have a look at http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt Changes listed within the NEWS file since 6.2.5: fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005): * NOTE: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. CVE Name: CAN-2005-2335. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. |
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| options.mk | ||
| PLIST | ||