Your message dated Wed, 29 Aug 2007 10:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#440006: fixed in fetchmail 6.3.8-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: fetchmail
Severity: important
Tags: security
Hi!
A DoS attack in fetchmail has been publicised:
> fetchmail before 6.3.9 allows context-dependent attackers to cause a denial
> of service (NULL dereference and application crash) by refusing certain
> warning messages that are sent over SMTP.
This upstream URL has details and references which commit fixes it:
http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt
Please update your package, and mention CVE-2007-4565 in your changelog. It
would be good if you could assess the severity of this attack in the light of
updating stable/oldstable.
thanks
Thijs
--- End Message ---
--- Begin Message ---
Source: fetchmail
Source-Version: 6.3.8-8
We believe that the bug you reported is fixed in the latest version of
fetchmail, which is due to be installed in the Debian FTP archive:
fetchmail_6.3.8-8.diff.gz
  to pool/main/f/fetchmail/fetchmail_6.3.8-8.diff.gz
fetchmail_6.3.8-8.dsc
  to pool/main/f/fetchmail/fetchmail_6.3.8-8.dsc
fetchmail_6.3.8-8_i386.deb
  to pool/main/f/fetchmail/fetchmail_6.3.8-8_i386.deb
fetchmailconf_6.3.8-8_all.deb
  to pool/main/f/fetchmail/fetchmailconf_6.3.8-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated fetchmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 29 Aug 2007 12:05:09 +0200
Source: fetchmail
Binary: fetchmailconf fetchmail
Architecture: source i386 all
Version: 6.3.8-8
Distribution: unstable
Urgency: high
Maintainer: Fetchmail Maintainers <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
 fetchmail - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
 fetchmailconf - fetchmail configurator
Closes: 440006
Changes:
 fetchmail (6.3.8-8) unstable; urgency=high
 .
   * Including fix_CVE-2007-4565_DoS patch to fix
     Denial of Service vulnerability in sink.c
     (CVE-2007-4565) (Closes: #440006).
   * Fixed fetchmailconf menu sections.
Files:
 1e55b40a6bc8200865add56c8ad3a39b 893 mail optional fetchmail_6.3.8-8.dsc
 96ff0c702f403d429ef9e2c77d0435f9 62698 mail optional fetchmail_6.3.8-8.diff.gz
 a9435a6e2a140277994ef9b339babd7d 61918 mail optional fetchmailconf_6.3.8-8_all.deb
 525f2ebddd11feb0d01f2ab8a7f1ca85 653832 mail optional fetchmail_6.3.8-8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG1UqOHYflSXNkfP8RAsluAJ4x+QUmAaHVGPwYF8eYIHKHbS7FXgCdEEIY
3MFhONOkXnKAdCdumWyymLw=
=dOOE
-----END PGP SIGNATURE-----
--- End Message ---