Hello community,

here is the log from the commit of package fetchmail for openSUSE:Factory 
checked in at 2021-08-03 22:48:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fetchmail (Old)
 and      /work/SRC/openSUSE:Factory/.fetchmail.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "fetchmail"

Tue Aug  3 22:48:52 2021 rev:90 rq:909916 version:6.4.20

Changes:
--------
--- /work/SRC/openSUSE:Factory/fetchmail/fetchmail.changes      2021-07-29 
21:33:00.852693464 +0200
+++ /work/SRC/openSUSE:Factory/.fetchmail.new.1899/fetchmail.changes    
2021-08-03 22:49:23.128450210 +0200
@@ -1,0 +2,15 @@
+Thu Jul 29 07:57:07 UTC 2021 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 6.4.20: [bsc#1188875, CVE-2021-36386]
+  * CVE-2021-36386: DoS or information disclosure in some configurations.
+    When a log message exceeds c. 2 kByte in size, for instance,
+    with very long header contents, and depending on verbosity
+    option, fetchmail can crash or misreport each first log message
+    that requires a buffer reallocation. fetchmail then reallocates
+    memory and re-runs vsnprintf() without another call to va_start(),
+    so it reads garbage. The exact impact depends on many factors
+    around the compiler and operating system configurations used and
+    the implementation details of the stdarg.h interfaces of the two
+    functions mentioned before.
+
+-------------------------------------------------------------------
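Review bot: in the CVE-2021-36386 bullet, "in some configurations" and "depending on verbosity option" do not let a reader decide whether their setup is exposed. Lead with the concrete trigger the entry already gives (a log message above c. 2 kByte that forces the buffer reallocation, after which vsnprintf() is re-run without a fresh va_start()), and name the verbosity setting if it is known. "The two functions mentioned before" is also ambiguous, since the only names in the entry are vsnprintf() and va_start(); spell them out there.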

Old:
----
  fetchmail-6.4.19.tar.xz
  fetchmail-6.4.19.tar.xz.asc

New:
----
  fetchmail-6.4.20.tar.xz
  fetchmail-6.4.20.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ fetchmail.spec ++++++
--- /var/tmp/diff_new_pack.oOHpf5/_old  2021-08-03 22:49:23.780449423 +0200
+++ /var/tmp/diff_new_pack.oOHpf5/_new  2021-08-03 22:49:23.780449423 +0200
@@ -21,7 +21,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           fetchmail
-Version:        6.4.19
+Version:        6.4.20
 Release:        0
 Summary:        Full-Featured POP and IMAP Mail Retrieval Daemon
 License:        GPL-2.0-or-later
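Review bot: nothing in this hunk's context shows the new source being authenticated, and the tarball change itself (2776 lines) is skipped in this mail, so the Version line is the only reviewable evidence of what changed. Since fetchmail-6.4.20.tar.xz.asc is listed under New, confirm that the spec verifies it against the package keyring at build time, and that the 6.4.20 on the Version line matches the version the changes entry names.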

++++++ fetchmail-6.4.19.tar.xz -> fetchmail-6.4.20.tar.xz ++++++
++++ 2776 lines of diff (skipped)
