pkgsrc-Bugs archive
pkg/43269: fetchmail should be bumped up to version 6.3.17
>Number: 43269
>Category: pkg
>Synopsis: fetchmail should be bumped up to version 6.3.17
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu May 06 11:45:00 +0000 2010
>Originator: Michael Vergallen
>Release: PKGSRC-2010Q1
>Organization:
>Environment:
all
>Description:
Can you please update the version from 6.3.14 to version 6.3.17 because of a
bug in 6.3.14 that affects UTF-8. See below, from the release notes.
CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize
external input (mail headers and UID). When a multi-character locale (such as
UTF-8) was in use, this could cause memory exhaustion and thus a denial of
service, because fetchmail's report.c functions assumed that non-success of
[v]snprintf was due to insufficient buffer size allocation. It would then
repeatedly reallocate a larger buffer and fail formatting again. See
fetchmail-SA-2010-02.txt.
>How-To-Repeat:
>Fix:
update to latest version
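
The failure mode quoted from the release notes, shown as an added example that is not part of the original report and is not fetchmail's report.c: a buffer-growing formatter that treats a negative `vsnprintf` return as a hard error instead of a reason to reallocate and retry. The name `format_alloc` and the sample inputs are hypothetical, and the program is assumed to run in the default "C" locale, where U+20AC cannot be converted for `%ls`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper (not fetchmail's code): format into a heap buffer.
 * Returns a malloc'd string, or NULL on formatting or allocation failure. */
char *format_alloc(const char *fmt, ...)
{
    size_t cap = 16;              /* deliberately small so growth is exercised */
    char *buf = malloc(cap);

    while (buf != NULL) {
        va_list ap;
        va_start(ap, fmt);
        int n = vsnprintf(buf, cap, fmt, ap);
        va_end(ap);

        if (n < 0) {              /* encoding/output error: a larger buffer cannot help. */
            free(buf);            /* Growing and retrying here is the unbounded loop     */
            return NULL;          /* the advisory describes.                             */
        }
        if ((size_t)n < cap)
            return buf;           /* whole string fit, including the terminator */

        cap = (size_t)n + 1;      /* C99: n is the exact length required */
        char *tmp = realloc(buf, cap);
        if (tmp == NULL)
            free(buf);
        buf = tmp;                /* NULL ends the loop */
    }
    return NULL;
}

int main(void)
{
    /* Constructed inputs: a long UID forces one reallocation; the wide
     * string cannot be converted in the "C" locale, so formatting fails. */
    const wchar_t bad[] = { 0x20AC, 0 };
    char *ok  = format_alloc("UID %s", "constructed-sample-uid-0123456789");
    char *err = format_alloc("UID %ls", bad);
    printf("%s / %s\n", ok ? ok : "(alloc failed)",
           err ? err : "(format error, no retry)");
    free(ok);
    free(err);
    return 0;
}
```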