From 426439b78d29df27d56d1f53b337e288d1f3aae0 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 29 Aug 2007 12:25:34 +0000 Subject: Fix typo and make assessment clearer, update URLs. svn path=/branches/BRANCH_6-3/; revision=5129 --- fetchmail-SA-2007-02.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'fetchmail-SA-2007-02.txt') diff --git a/fetchmail-SA-2007-02.txt b/fetchmail-SA-2007-02.txt index 74fc5558..9fd5466c 100644 --- a/fetchmail-SA-2007-02.txt +++ b/fetchmail-SA-2007-02.txt @@ -12,8 +12,8 @@ CVSS V2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:?/RL:O/RC:C) Credits: Earl Chew CVE Name: CVE-2007-4565 -URL: http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt -Project URL: http://fetchmail.berlios.de/ +URL: http://www.fetchmail.info/fetchmail-SA-2007-02.txt +Project URL: http://www.fetchmail.info/ Affects: fetchmail release < 6.3.9 exclusively @@ -60,9 +60,9 @@ This causes fetchmail to crash and not collect further messages until it is restarted. Risk assessment: low. In default configuration, fetchmail will talk -through the loopback interface, that is to the SMTP listener on the same +through the loopback interface, that means to the SMTP server on the same computer as it is running on. Otherwise, it will commonly be configured -to talk to trusted SMTP servers, so a compromise of misconfiguration of +to talk to trusted SMTP servers, so a compromise or misconfiguration of a trusted or the same computer is required to exploit this problem - which usually opens up much easier ways of denying service, or worse. -- cgit v1.2.3