diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2008-12-17 16:15:53 +0000 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2008-12-17 16:15:53 +0000 |
| commit | 82e4ee310c2d7d627c1b8532b210b465fdae1c19 (patch) | |
| tree | 9621231a8ffcef9512638e88d3795bed19614bb3 /website/index.html | |
| parent | 49918bae335a135d06d78244a86c941a3bd56bb5 (diff) | |
| download | fetchmail-82e4ee310c2d7d627c1b8532b210b465fdae1c19.tar.gz fetchmail-82e4ee310c2d7d627c1b8532b210b465fdae1c19.tar.bz2 fetchmail-82e4ee310c2d7d627c1b8532b210b465fdae1c19.zip | |
after 6.3.9 release, change will be -> has been fixed for CVE-2008-2711 and
CVE-2007-4565.
svn path=/branches/BRANCH_6-3/; revision=5256
Diffstat (limited to 'website/index.html')
| -rw-r--r-- | website/index.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/website/index.html b/website/index.html index db67bb2b..12bf8007 100644 --- a/website/index.html +++ b/website/index.html @@ -71,8 +71,8 @@ href="http://mandree.home.pages.de/fetchmail/">fetchmail-6.3.6-rc5 was released< some of the problems mentioned below, even if they aren't mentioned in the security announcements:</p> <ul> - <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li> - <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li> + <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug has been fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li> + <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and has been fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 validates the APOP challenge stricter.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974:</a> Fetchmail was found to <a href="fetchmail-SA-2006-03.txt">crash when refusing a message that was bound to be delivered by an MDA.</a> This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867">CVE-2006-5867:</a> Fetchmail was found to <a href="fetchmail-SA-2006-02.txt">omit TLS or send the password in clear text despite the configuration stating otherwise.</a> This was a long-standing bug reported by Isaac Wilcox, fixed in fetchmail 6.3.6. There will be no 6.2.X releases to fix this bug in 6.2.X.</li> |