Greetings, the fetchmail package for Cygwin is at version 6.3.9, released two years ago, and with known security vulnerabilities and errata:
CVE-2009-2666 - improper TLS cert validation allows MITM attacks to go unnoticed CVE-2010-1167 - heap overflow in verbose mode EN-2010-03 - improper SASL/AUTH implementation causes bogus auth failures And a gazillion of bugfixes since 6.3.9 provided in [1], including critical fixes for long-standing bugs. Fetchmail does not currently require Cygwin-specific patches. I have provided Jason Tishler with up to date packages for the current fetchmail 6.3.18 package (with selected upstream fixes from post-6.3.18 Git) a fortnight ago, built on Cygwin 1.7.7 32-bit (Win 7), without any response. I don't mean to take over maintainership, but -- can we do non-maintainer updates in such situations? Best regards Matthias, upstream fetchmail maintainer [1] <http://gitorious.org/fetchmail/fetchmail/blobs/master/NEWS#line57> -- Matthias Andree
