diff options
| -rw-r--r-- | fetchmail-SA-2005-01.txt | 10 | ||||
| -rw-r--r-- | fetchmail-SA-2005-02.txt | 10 | ||||
| -rw-r--r-- | fetchmail-SA-2005-03.txt | 10 | ||||
| -rw-r--r-- | fetchmail-SA-2006-01.txt | 10 | ||||
| -rw-r--r-- | fetchmail-SA-2006-02.txt | 10 | ||||
| -rw-r--r-- | fetchmail-SA-2006-03.txt | 10 | ||||
| -rw-r--r-- | fetchmail-SA-2007-01.txt | 10 | ||||
| -rw-r--r-- | fetchmail-SA-2007-02.txt | 14 | ||||
| -rw-r--r-- | fetchmail-SA-2008-01.txt | 16 |
9 files changed, 95 insertions, 5 deletions
diff --git a/fetchmail-SA-2005-01.txt b/fetchmail-SA-2005-01.txt index 129fe434..948a40fb 100644 --- a/fetchmail-SA-2005-01.txt +++ b/fetchmail-SA-2005-01.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2005-01: security announcement Topic: remote code injection vulnerability in fetchmail @@ -121,3 +124,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2005-01.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WWvmGDOQUufZURAqbIAKCZF7CJxDxKOQ0x254dvkx3qhMC6wCfUAlm +9MT9GHxQYjdYZvzv9G4jOEA= +=6AoG +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2005-02.txt b/fetchmail-SA-2005-02.txt index 271a3d02..f2400a39 100644 --- a/fetchmail-SA-2005-02.txt +++ b/fetchmail-SA-2005-02.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2005-02: security announcement Topic: password exposure in fetchmailconf @@ -94,3 +97,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2005-02.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WWvmGDOQUufZURAlq/AKCx+EnXjnakBVkUjtdIh+moYOgIqACdERnd +TR05jtCG4JEb6iHz8AVcfOc= +=vL+b +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2005-03.txt b/fetchmail-SA-2005-03.txt index f8fb3448..43468f5d 100644 --- a/fetchmail-SA-2005-03.txt +++ b/fetchmail-SA-2005-03.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2005-03: security announcement Topics: #1 crash retrieving headerless message in multidrop mode @@ -111,3 +114,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2005-03.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WXvmGDOQUufZURAjqeAJ90wOleuLWpPKGLdPyLHeDqjxXBrQCgktVz +5rKRtG/LwqXUiqNxjHALy7k= +=NBXT +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2006-01.txt b/fetchmail-SA-2006-01.txt index 6db513c3..8f2e9abe 100644 --- a/fetchmail-SA-2006-01.txt +++ b/fetchmail-SA-2006-01.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2006-01: crash when bouncing messages. Topics: #1 crash when bouncing a message @@ -101,3 +104,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2006-01.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WXvmGDOQUufZURAtJBAKCjxJ3q11MxXxAWqqFYlB/z0uJMVwCeLc2O +SHK7Gu7QlDzSv3lahIbLUTU= +=g1dk +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt index 5c97fa14..f690e883 100644 --- a/fetchmail-SA-2006-02.txt +++ b/fetchmail-SA-2006-02.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2006-02: TLS enforcement problem/MITM attack/password exposure Topics: fetchmail cannot enforce TLS @@ -123,3 +126,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2006-02.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WXvmGDOQUufZURAr4xAKDSgBfyRuCoznZM6vuyA3aDHr/o5QCgvuDX +OKcBNAf2aVZjS9X0+w/fEc8= +=PAe2 +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2006-03.txt b/fetchmail-SA-2006-03.txt index 083f2e5b..7b146fb2 100644 --- a/fetchmail-SA-2006-03.txt +++ b/fetchmail-SA-2006-03.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2006-03: crash when refusing message delivered through MDA Topics: fetchmail crashes when refusing a message bound for an MDA @@ -80,3 +83,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2006-03.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WXvmGDOQUufZURAsUHAKDEjsB1YI+WdghCXiwjyl4630kVpQCg66na +pyGK3l7WWgJH/K8oM4bmcRU= +=+oGe +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2007-01.txt b/fetchmail-SA-2007-01.txt index 5b574d07..80958f80 100644 --- a/fetchmail-SA-2007-01.txt +++ b/fetchmail-SA-2007-01.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2007-01: APOP considered insecure Topics: APOP authentication insecure, fetchmail implementation lax @@ -92,3 +95,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END OF fetchmail-SA-2007-01.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WXvmGDOQUufZURAg8MAKDewyOyTpRs6HMcNLMA0vXx4glwLQCeOov6 +r9AYJJu51+yAhjox79Tli+I= +=pGe2 +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2007-02.txt b/fetchmail-SA-2007-02.txt index 9fd5466c..4e694eb7 100644 --- a/fetchmail-SA-2007-02.txt +++ b/fetchmail-SA-2007-02.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2007-02: Crash when a local warning message is rejected Topics: Crash when a fetchmail-generated warning message is rejected @@ -105,16 +108,23 @@ B. Patch to remedy the problem Index: sink.c =================================================================== ---- sink.c (revision 5118) +- --- sink.c (revision 5118) +++ sink.c (revision 5119) @@ -262,7 +262,7 @@ const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ -- if (!msg->return_path[0] || +- - if (!msg->return_path[0] || + if (!msg || !msg->return_path[0] || strcmp(msg->return_path, "<>") == 0 || strcasecmp(msg->return_path, md1) == 0 || strncasecmp(msg->return_path, md2, strlen(md2)) == 0) END OF fetchmail-SA-2007-02.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WXvmGDOQUufZURAr8+AKC7GpAFvCTaHD69n+g39lWtPIheCwCglj/O +yh3P8bOmEn3a54h4aH2BFLA= +=NBQZ +-----END PGP SIGNATURE----- diff --git a/fetchmail-SA-2008-01.txt b/fetchmail-SA-2008-01.txt index a74fb081..6fbf15e4 100644 --- a/fetchmail-SA-2008-01.txt +++ b/fetchmail-SA-2008-01.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2008-01: Crash on large log messages in verbose mode Topics: Crash in large log messages in verbose mode. @@ -118,13 +121,13 @@ B. Patch to remedy the problem diff --git a/report.c b/report.c index 31d4e48..2a731ac 100644 ---- a/report.c +- --- a/report.c +++ b/report.c @@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_alist) rep_ensuresize(); #if defined(VA_START) -- VA_START (args, message); +- - VA_START (args, message); for ( ; ; ) { + /* @@ -143,9 +146,16 @@ index 31d4e48..2a731ac 100644 partial_message_size += 2048; partial_message = REALLOC (partial_message, partial_message_size); } -- va_end (args); +- - va_end (args); #else for ( ; ; ) { END OF fetchmail-SA-2008-01.txt +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFIV7WYvmGDOQUufZURAs7/AJ49LCd2q34puZHNe4GxcXnsOtB8DQCg7mth +BUgZUxZxPInU60c9rNFbOm8= +=yg6v +-----END PGP SIGNATURE----- |