kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/mail/fetchmail/patches
History
frueauf 5cc5034daa Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335. 
For more details have a look at
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

Changes listed within the NEWS file since 6.2.5:

fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):

* NOTE: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX: truncate UIDL replies, lest malicious or compromised
  POP3 servers overflow fetchmail's stack. Debian bug #212762.
  This is a remote root exploit. CVE Name: CAN-2005-2335.
  Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
2005-07-22 14:27:52 +00:00
..
patch-aa
patch-ab
patch-ac
patch-ad
patch-ae Include change described in pr/29955 which checks for $with_kerberos5 2005-04-21 10:55:48 +00:00
patch-af Update fetchmail{conf} to 5.9.11. 2002-04-06 16:53:01 +00:00
patch-ag Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335. 2005-07-22 14:27:52 +00:00