- Artur Rona
- 12. By Artur Rona on 2010-04-02
* SECURITY UPDATE: Corrects a denial of service attack that can crash
fetchmail when running in -v -v mode via malformed mail messages
with long headers (LP: #240549)
patches/ 07_fix_ CVE-2008- 2711_DoS. dpatch
- 11. By Kees Cook on 2009-08-11
* SECURITY UPDATE: SSL cert validation bypass via NULL bytes.
- add 06_cert_
0_byte. patch, thanks to Nico Golde.
- 10. By Jamie Strandboge on 2007-09-25
* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
send certain warning messages
* added 05_CVE-
2007-4565. dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
attackers may be able to acquire a portion of a user's authentication
credentials using man-in-the-middle techniques.
* added 06_CVE-
2007-1558. dpatch. This patch adds notes about APOP's
limitations as well as updating pop3.c to more strictly validate the
presented challenge for RFC-822 conformity. This change to pop3.c does
not fix the APOP design flaw, but does make attacks against APOP somewhat
- 9. By Kees Cook on 2007-01-10
* SECURITY UPDATE: password can leak in cleartext when SSL configured.
* Add 'debian/
patches/ 04.fix- cleartext- leak.dpatch' : extracted from
- 8. By Andrew Mitchell on 2006-03-29
* Install fetchmailconf files into /usr/lib/python2.4 rather than
- Malone #31798
- 7. By Martin Pitt on 2006-02-07
* Resynchronise with Debian. This brings the new upstream version to dapper
since upstream support for 6.2 was dropped.
* Drop debian/
patches/ CVE-2005- 4348.dpatch, upstream now.
- 6. By Martin Pitt on 2006-01-02
* SECURITY UPDATE: Remote DoS.
* Add debian/
patches/ CVE-2005- 4348.dpatch:
- Fix double free crash on messages without any headers when using
- Fix backported from stable 184.108.40.206 release.
- 4. By Scott James Remnant (Canonical) on 2005-08-18
Removed error message if /etc/fetchmailrc doesn't exist on startup,
which it won't on fresh installs. (Ubuntu #13044).
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: