From 7bc419bd4c2a661c8521c107c3e78da1b5e2efae Mon Sep 17 00:00:00 2001
From: Matthias Andree
@@ -44,43 +44,27 @@
href="http://mandree.home.pages.de/fetchmail/">fetchmail-6.3.6-rc5 was released, fixing several annoying bugs. Click here for details.
Fetchmail
-2008-06-24
+2008-11-16
New 2008-06-24 After the fetchmail-6.3.8 release described below, -two denial-of-service vulnerabilities were discovered, but a new release -is not yet available. Release candidates may be found at http://home.pages.de/~mandree/fetchmail/. -Official patches for 6.3.8 are parts of the security -announcements (you may need to use patch -l to apply them, this should -tell patch to ignore whitespace differences):
-On 2008-04-24, the FAQ (also available as PDF), manual page and fetchmail-SA-2007-01.txt (CVE-2007-1558) have been revised.
-On 2007-04-06, fetchmail-6.3.8 -was released (this is the download link), fixing up further fallout from the CVE-2006-5867 fix, fixing long-standing bugs, and strengthening the APOP client in response to CVE-2007-1558. Click here to see the change details.
fetchmail 6.2.X versions are susceptible to CVE-2006-5867 and CVE-2007-1558 and should be replaced by the most current 6.3.X version. Support has been discontinued as of 2006-01-22.
+On 2008-11-16, fetchmail-6.3.9 + has been released (this is the download link), fixing + various bugs, among them the security issues CVE-2008-2711 and + CVE-2007-4565, and two critical bugs. Click + here to see the change details. +
+NEW CVE-2008-2711: Fetchmail can crash in verbose mode when logging long message headers. This bug will be fixed in release 6.3.9. For the nonce, use the patch contained in the security announcement.
+CVE-2008-2711: Fetchmail can crash in verbose mode when logging long message headers. This bug will be fixed in release 6.3.9. For the nonce, use the patch contained in the security announcement.
CVE-2007-4565: Fetchmail can crash when the SMTP server refuses a warning message generated by fetchmail. This bug was introduced in fetchmail 4.6.8 and will be fixed in release 6.3.9. For the nonce, use the patch contained in this security announcement.
CVE-2007-1558: Fetchmail's APOP client was found to validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be. This bug was long-standing, fetchmail 6.3.8 validates the APOP challenge stricter.
CVE-2006-5974: Fetchmail was found to crash when refusing a message that was bound to be delivered by an MDA. This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.
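Review bot: the two added CVE-2008-2711 paragraphs duplicate each other (the line starting "+NEW CVE-2008-2711:" and the "+CVE-2008-2711:" line directly below it carry identical text); keep only one. In the same hunk, that paragraph and the unchanged CVE-2007-4565 paragraph still read "This bug will be fixed in release 6.3.9. For the nonce, use the patch contained in the security announcement.", while the new "On 2008-11-16, fetchmail-6.3.9 has been released" entry states that 6.3.9 fixes exactly those two issues. Reword both to say the bug is fixed in 6.3.9, so readers are directed to upgrade rather than to an interim patch for a release that now exists.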