Ubuntu
fetchmail package

Branches for Feisty

Name Status Last Modified Last Commit
lp:ubuntu/feisty/fetchmail 1 Development 2009-07-04 08:59:49 UTC
17. debian/init: Shuffle inclusion and de...

Author: Martin Pitt
Revision Date: 2007-02-06 10:28:24 UTC

debian/init: Shuffle inclusion and default options so that
/etc/default/fetchmail can override the config file location and default
options. Thanks to Tobias Hunger! Closes: LP#30730
lp:ubuntu/feisty-security/fetchmail 1 Development 2009-07-04 08:59:52 UTC
18. * SECURITY UPDATE: DoS via NULL point...

Author: Jamie Strandboge
Revision Date: 2007-09-25 09:55:32 UTC

* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
  send certain warning messages
* added 02_CVE-2007-4565.patch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
  attackers may be able to acquire a portion of a user's authentication
  credentials using man-in-the-middle techniques.
* added 03_CVE-2007-1558.patch. This patch adds notes about APOP's
  limitations as well as updating pop3.c to more strictly validate the
  presented challenge for RFC-822 conformity. This change to pop3.c does
  not fix the APOP design flaw, but does make attacks against APOP somewhat
  more difficult.
* added 04_manpage.patch for improperly formatted manpage (upstream bug)
* References
  CVE-2007-4565
  CVE-2007-1558
* Modify Maintainer value to match the DebianMaintainerField
  specification.
lp:ubuntu/feisty-updates/fetchmail 1 Development 2009-07-04 08:59:59 UTC
18. * SECURITY UPDATE: DoS via NULL point...

Author: Jamie Strandboge
Revision Date: 2007-09-25 09:55:32 UTC

* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
  send certain warning messages
* added 02_CVE-2007-4565.patch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
  attackers may be able to acquire a portion of a user's authentication
  credentials using man-in-the-middle techniques.
* added 03_CVE-2007-1558.patch. This patch adds notes about APOP's
  limitations as well as updating pop3.c to more strictly validate the
  presented challenge for RFC-822 conformity. This change to pop3.c does
  not fix the APOP design flaw, but does make attacks against APOP somewhat
  more difficult.
* added 04_manpage.patch for improperly formatted manpage (upstream bug)
* References
  CVE-2007-4565
  CVE-2007-1558
* Modify Maintainer value to match the DebianMaintainerField
  specification.
13 of 3 results FirstPreviousNextLast