aboutsummaryrefslogtreecommitdiffstats
path: root/fetchmail-SA-2006-01.txt
diff options
context:
space:
mode:
Diffstat (limited to 'fetchmail-SA-2006-01.txt')
-rw-r--r--fetchmail-SA-2006-01.txt28
1 files changed, 15 insertions, 13 deletions
diff --git a/fetchmail-SA-2006-01.txt b/fetchmail-SA-2006-01.txt
index a4e8c4d2..9450e6a4 100644
--- a/fetchmail-SA-2006-01.txt
+++ b/fetchmail-SA-2006-01.txt
@@ -4,8 +4,8 @@ Topics: #1 crash when bouncing a message
#2 fetchmail 6.2.5.X end of life
Author: Matthias Andree
-Version: XXX
-Announced: XXX
+Version: 1.0
+Announced: 2006-01-22
Type: free() with bogus pointer
Impact: fetchmail crashes
Danger: low
@@ -15,15 +15,16 @@ URL: http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt
http://bugs.debian.org/348747
Project URL: http://fetchmail.berlios.de/
-Affects: fetchmail version 6.3.0
- fetchmail version 6.3.1
+Affects: fetchmail release >= 6.3.0
+ fetchmail release < 6.3.2
+ fetchmail release candidates 6.3.2-rc1, -rc2 and -rc3
-Not affected: fetchmail 6.3.2
- fetchmail 6.2.5.5
+Not affected: fetchmail release candidate 6.3.2-rc4
other versions not mentioned here or in the previous
sections have not been checked
Corrected: 2006-01-19 fetchmail 6.3.2-rc4
+ 2006-01-22 fetchmail 6.3.2
0. Release history
@@ -31,6 +32,7 @@ Corrected: 2006-01-19 fetchmail 6.3.2-rc4
2006-01-19 internal review draft
2006-01-20 add CVE ID
+2006-01-22 release 1.0
1. Background
@@ -49,12 +51,11 @@ control) files for fetchmail.
=================================
Fetchmail contains a bug that causes itself to crash when bouncing a
-message to the originator or to the local postmaster. Fetchmail crashes
-when trying to free the dynamic array of failed addresses, and calls the
-free() function with an invalid pointer.
-
-Note that such messages are not RFC-822 conformant, so if the server has
-not been tampered with, the server software is faulty.
+message to the originator or to the local postmaster. The crash happens
+after the bounce message has been sent, when fetchmail tries to free the
+dynamic array of failed addresses, and calls the free() function with an
+invalid pointer. This bug was introduced short before fetchmail 6.3.0
+and is not present in the now discontinued 6.2.X series (see below).
3. Workaround
@@ -78,7 +79,8 @@ The aged fetchmail 6.2.5.X branch is discontinued effective immediately.
No further releases from the 6.2.5.X branch will be made.
The new 6.3.X stable branch has been available since 2005-11-30
-and will not change except for bugfixes, documentation and translations.
+and will not change except for bugfixes, documentation and message
+translations.
A. Copyright, License and Warranty