pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/43269: fetchmail should be bumped up to version 6.3.17

>Number:         43269
>Category:       pkg
>Synopsis:       fetchmail should be bumped up to version 6.3.17
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu May 06 11:45:00 +0000 2010
>Originator:     Michael Vergallen
>Release:        PKGSRC-2010Q1
Can you please update the version from 6.3.14 to version 6.3.17 because of a 
bug in 6.3.14 that affects UTF-8. see below from the release notes.

CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize
  external input (mail headers and UID). When a multi-character locale (such as 
UTF-8) was in use, this could cause memory exhaustion and thus a denial of 
service, because fetchmail's report.c functions assumed that non-success of 
[v]snprintf was due to insufficient buffer size allocation. It would then 
repeatedly reallocate a larger buffer and fail formatting again. See 

update to latest version

Home | Main Index | Thread Index | Old Index