lp:ubuntu/edgy-security/fetchmail

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/edgy-security/fetchmail

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

14. By Jamie Strandboge

* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
  send certain warning messages
* added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
  attackers may be able to acquire a portion of a user's authentication
  credentials using man-in-the-middle techniques.
* added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's
  limitations as well as updating pop3.c to more strictly validate the
  presented challenge for RFC-822 conformity. This change to pop3.c does
  not fix the APOP design flaw, but does make attacks against APOP somewhat
  more difficult.
* References
  CVE-2007-4565
  CVE-2007-1558

13. By Kees Cook

* SECURITY UPDATE: password can leak in cleartext when SSL configured.
* Add 'debian/patches/04.fix-cleartext-leak.dpatch': extracted from upstream.
* References
  CVE-2006-5867

12. By Martin Pitt

Add debian/patches/03.fix-ja.po.dpatch: Japanese does not have any plural
forms; remove the useless msgstr[1] from Japanese translation so that
msgfmt does not abort with a fatal error. Fixes FTBFS.

11. By Scott James Remnant (Canonical)

s/python2.3/python2.4/ in debian/rules to fix FTBFS.

10. By Scott James Remnant (Canonical)

Remove stop script symlinks from rc0 and rc6.

9. By Scott James Remnant (Canonical)

* Merge from debian unstable, remaining changes:
  - LSB init script,
  - suggest postfix rather than exim4,
  - python2.4

8. By Andrew Mitchell

* Install fetchmailconf files into /usr/lib/python2.4 rather than
  /usr/lib/python2.3
  - Malone #31798

7. By Martin Pitt

* Resynchronise with Debian. This brings the new upstream version to dapper
  since upstream support for 6.2 was dropped.
* Drop debian/patches/CVE-2005-4348.dpatch, upstream now.

6. By Martin Pitt

* SECURITY UPDATE: Remote DoS.
* Add debian/patches/CVE-2005-4348.dpatch:
  - Fix double free crash on messages without any headers when using
    multidrop mode.
  - Fix backported from stable 6.2.5.5 release.
  - CVE-2005-4348.

5. By Martin Pitt

Resynchronise with Debian.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/fetchmail