lp:ubuntu/edgy-security/fetchmail
- Get this branch:
- bzr branch lp:ubuntu/edgy-security/fetchmail
Branch merges
Branch information
Recent revisions
- 14. By Jamie Strandboge
-
* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
send certain warning messages
* added 05_CVE-2007-4565. dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
attackers may be able to acquire a portion of a user's authentication
credentials using man-in-the-middle techniques.
* added 06_CVE-2007-1558. dpatch. This patch adds notes about APOP's
limitations as well as updating pop3.c to more strictly validate the
presented challenge for RFC-822 conformity. This change to pop3.c does
not fix the APOP design flaw, but does make attacks against APOP somewhat
more difficult.
* References
CVE-2007-4565
CVE-2007-1558 - 13. By Kees Cook
-
* SECURITY UPDATE: password can leak in cleartext when SSL configured.
* Add 'debian/patches/ 04.fix- cleartext- leak.dpatch' : extracted from upstream.
* References
CVE-2006-5867 - 12. By Martin Pitt
-
Add debian/
patches/ 03.fix- ja.po.dpatch: Japanese does not have any plural
forms; remove the useless msgstr[1] from Japanese translation so that
msgfmt does not abort with a fatal error. Fixes FTBFS. - 9. By Scott James Remnant (Canonical)
-
* Merge from debian unstable, remaining changes:
- LSB init script,
- suggest postfix rather than exim4,
- python2.4 - 8. By Andrew Mitchell
-
* Install fetchmailconf files into /usr/lib/python2.4 rather than
/usr/lib/python2. 3
- Malone #31798 - 7. By Martin Pitt
-
* Resynchronise with Debian. This brings the new upstream version to dapper
since upstream support for 6.2 was dropped.
* Drop debian/patches/ CVE-2005- 4348.dpatch, upstream now. - 6. By Martin Pitt
-
* SECURITY UPDATE: Remote DoS.
* Add debian/patches/ CVE-2005- 4348.dpatch:
- Fix double free crash on messages without any headers when using
multidrop mode.
- Fix backported from stable 6.2.5.5 release.
- CVE-2005-4348.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/fetchmail