-rw-r--r-- | RELEASEVERSIONS | 2
-rw-r--r-- | website/index.html | 50
2 files changed, 18 insertions, 34 deletions
diff --git a/RELEASEVERSIONS b/RELEASEVERSIONS index 62fe6547..f4dab73a 100644 --- a/RELEASEVERSIONS +++ b/RELEASEVERSIONS @@ -1,6 +1,6 @@ SVN release - fetchmail release ================================ -r5244 - 6.3.9 (2008-11-16) +r5248 - 6.3.9 (2008-11-16) r5093 - 6.3.8 (2007-04-06) r5037 - 6.3.7 (2007-02-18) r5010 - 6.3.6 (2007-01-05) diff --git a/website/index.html b/website/index.html index 60032d63..e8f43f07 100644 --- a/website/index.html +++ b/website/index.html @@ -14,7 +14,7 @@ <table width="100%" cellpadding="0" summary="Canned page header"> <tr> <td>Fetchmail</td> -<td align="right"><!-- update date -->2008-06-24</td> +<td align="right"><!-- update date -->2008-11-16</td> </tr> </table> </div> 
@@ -44,43 +44,27 @@ href="http://mandree.home.pages.de/fetchmail/">fetchmail-6.3.6-rc5 was released</a>, fixing several annoying bugs. <a href="http://mandree.home.pages.de/fetchmail/NEWS-6.3.6-rc5.txt">Click here for details.</a></p> </div> --> -<div style="background-color:#80ff80;color:#000000;"> -<h1>ADDITIONAL FIXES FOR FETCHMAIL 6.3.8 RELEASE</h1> -<p>New 2008-06-24 After the fetchmail-6.3.8 release described below, -two denial-of-service vulnerabilities were discovered, but a new release -is not yet available. Release candidates may be found at <a - href="http://home.pages.de/~mandree/fetchmail/">http://home.pages.de/~mandree/fetchmail/</a>. -Official patches for 6.3.8 are parts of the security -announcements (you may need to use patch -l to apply them, this should -tell patch to ignore whitespace differences):</p> -<ul> - <li><strong>(REVISED)</strong> <a href="#cve-2008-2711">CVE-2008-2711:</a> <a - href="fetchmail-SA-2008-01.txt">fetchmail-SA-2008-01.txt</a></li> - <li><a href="#cve-2007-4565">CVE-2007-4565:</a> <a - href="fetchmail-SA-2007-02.txt">fetchmail-SA-2007-02.txt</a></li> -</ul> -<p>On 2008-04-24, the <a href="fetchmail-FAQ.html">FAQ</a> <a - href="fetchmail-FAQ.pdf">(also available as PDF)</a>, <a - href="fetchmail-man.html">manual page</a> and <a href="fetchmail-SA-2007-01.txt">fetchmail-SA-2007-01.txt (CVE-2007-1558)</a> have been revised.</p> -<p>On 2007-04-06, <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.8 -was released (this is the download link),</a> fixing up further fallout from the CVE-2006-5867 fix, fixing long-standing bugs, and strengthening the APOP client in response to CVE-2007-1558. 
<a href="https://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=12610">Click here to see the change details.</a></p> </div> - -<div style="background-color:#ffff80;color:#000000;font-size:80%;"> <h1>FETCHMAIL 6.2.X UNSUPPORTED AND VULNERABLE - USE 6.3.X INSTEAD</h1> -<p>fetchmail 6.2.X versions are susceptible to CVE-2006-5867 and CVE-2007-1558 and should be replaced by the most current 6.3.X version. Support has been discontinued as of 2006-01-22.</p> +<div style="background-color:#c0ffc0;color:#000000;"> + <h1>NEWS: FETCHMAIL 6.3.9 RELEASE</h1> + <p>On 2008-11-16, <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.9 + has been released (this is the download link),</a> fixing + various bugs, among them the security issues CVE-2008-2711 and + CVE-2007-4565, and two critical bugs. <a + href="https://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=12610">Click + here to see the change details.</a> + </p> +</div> <!-- -<p>On 2006-01-22, fetchmail 6.2.X has reached end of its support life. No -further releases of 6.2.X versions will be made and no bug reports for 6.2.X -will be accepted unless the bug persists in the 6.3.X releases. Users are asked -to upgrade to the most current 6.3.X release; care was taken to keep 6.3.X as -compatible as possible with 6.2.X to ensure a smooth upgrade experience. See -above for 6.3.X release news.</p> +<div style="background-color:#ffff80;color:#000000;font-size:80%;"> + <h1>FETCHMAIL 6.2.X UNSUPPORTED AND VULNERABLE - USE 6.3.X INSTEAD</h1> + <p>fetchmail 6.2.X versions are susceptible to CVE-2006-5867 and CVE-2007-1558 and should be replaced by the most current 6.3.X version. 
Support has been discontinued as of 2006-01-22.</p> +</div> --> -</div> -<div style="background-color:#ff8080;color:#000000;font-size:85%"> <h1>SECURITY ALERTS</h1> -<p><strong>NEW</strong> <a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></p> +<div style="background-color:#ffe0c0;color:#000000;font-size:85%"> <h1>SECURITY ALERTS</h1> +<p><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></p> <p><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and will be fixed in release 6.3.9. 
For the nonce, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></p> <p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 validates the APOP challenge stricter.</p> <p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974:</a> Fetchmail was found to <a href="fetchmail-SA-2006-03.txt">crash when refusing a message that was bound to be delivered by an MDA.</a> This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.</p> |
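Review bot: In the RELEASEVERSIONS hunk, the 6.3.9 row moves from r5244 to r5248 while the date stays 2008-11-16, and nothing in the visible change says which revision the published tarball was built from. If the release was re-cut at r5248, say so in the commit message; if r5244 was simply a wrong entry, note that instead, so that anyone checking the CVE-2008-2711 and CVE-2007-4565 fixes against SVN looks at the right revision.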
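Review bot: In the SECURITY ALERTS block of the last website/index.html hunk, the CVE-2008-2711 and CVE-2007-4565 entries still read "This bug will be fixed in release 6.3.9. For the nonce, use the patch contained in the security announcement", which contradicts the new NEWS block stating that 6.3.9 is released and fixes both. The hunk only drops the `<strong>NEW</strong>` marker from the first entry and leaves the second as unchanged context. Suggest rewording both to "fixed in 6.3.9", matching the "fixed in 6.3.6" wording of the CVE-2006-5974 entry, and keeping the patch pointer only for users who remain on 6.3.8. Separately, the new "Click here to see the change details" link carries release_id=12610, the same value as the 6.3.8 link this hunk removes, so please confirm it resolves to the 6.3.9 notes.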