Ubuntu

lp:~ari-tczew/ubuntu/dapper/fetchmail/fix-CVE-2008-2711

Created by Artur Rona on 2010-04-02 and last modified on 2010-04-02
Get this branch:
bzr branch lp:~ari-tczew/ubuntu/dapper/fetchmail/fix-CVE-2008-2711
Only Artur Rona can upload to this branch. If you are Artur Rona please log in for upload directions.

Related bugs

Related blueprints

Branch information

Owner:
Artur Rona
Status:
Mature

Recent revisions

12. By Artur Rona on 2010-04-02

* SECURITY UPDATE: Corrects a denial of service attack that can crash
  fetchmail when running in -v -v mode via malformed mail messages
  with long headers (LP: #240549)
  - debian/patches/07_fix_CVE-2008-2711_DoS.dpatch
  - CVE-2008-2711

11. By Kees Cook on 2009-08-11

* SECURITY UPDATE: SSL cert validation bypass via NULL bytes.
  - add 06_cert_0_byte.patch, thanks to Nico Golde.
  - CVE-2009-2666

10. By Jamie Strandboge on 2007-09-25

* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
  send certain warning messages
* added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
  attackers may be able to acquire a portion of a user's authentication
  credentials using man-in-the-middle techniques.
* added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's
  limitations as well as updating pop3.c to more strictly validate the
  presented challenge for RFC-822 conformity. This change to pop3.c does
  not fix the APOP design flaw, but does make attacks against APOP somewhat
  more difficult.
* References
  CVE-2007-4565
  CVE-2007-1558

9. By Kees Cook on 2007-01-10

* SECURITY UPDATE: password can leak in cleartext when SSL configured.
* Add 'debian/patches/04.fix-cleartext-leak.dpatch': extracted from
  upstream.
* References
  CVE-2006-5867

8. By Andrew Mitchell on 2006-03-29

* Install fetchmailconf files into /usr/lib/python2.4 rather than
  /usr/lib/python2.3
  - Malone #31798

7. By Martin Pitt on 2006-02-07

* Resynchronise with Debian. This brings the new upstream version to dapper
  since upstream support for 6.2 was dropped.
* Drop debian/patches/CVE-2005-4348.dpatch, upstream now.

6. By Martin Pitt on 2006-01-02

* SECURITY UPDATE: Remote DoS.
* Add debian/patches/CVE-2005-4348.dpatch:
  - Fix double free crash on messages without any headers when using
    multidrop mode.
  - Fix backported from stable 6.2.5.5 release.
  - CVE-2005-4348.

5. By Martin Pitt on 2005-11-17

Resynchronise with Debian.

4. By Scott James Remnant (Canonical) on 2005-08-18

Removed error message if /etc/fetchmailrc doesn't exist on startup,
which it won't on fresh installs. (Ubuntu #13044).

3. By Michael Vogt on 2004-12-20

Resynchronise with Debian.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/fetchmail
This branch contains Public information 
Everyone can see this information.

Subscribers