pkgsrc-Bugs archive


pkg/42808: Vulnerable mail/fetchmail package in pkgsrc-current (version 6.3.11)

>Number:         42808
>Category:       pkg
>Synopsis:       Vulnerable mail/fetchmail package in pkgsrc-current (version 
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 13 21:35:00 +0000 2010
>Originator:     Bug Hunting
The mail/fetchmail package in pkgsrc-current, being at version 6.3.11, is
Update pkgsrc-current, then:

$ cd /usr/pkgsrc/mail/fetchmail
$ make package-name | xargs /usr/pkg/sbin/pkg_admin -v audit-pkg -e
Package fetchmail-6.3.11 has a arbitrary-code-execution vulnerability, see
The mail/fetchmail package should either be upgraded to version 6.3.13
after which the patch in section B of 
<> should be applied
(the difficult way), OR the package should be upgraded to version 6.3.14 
(the correct way, I think ;-)).  No details provided on such upgrade
here, although one could see 
 for change details of 6.3.14, and read the security
announcement at the URL already given.

Either of these two ways of upgrading would override PR pkg/42519 (which was
closed already anyway); doc/TODO should be altered after it as well, removing 
its `fetchmail-6.3.13' line.
