CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2010/03/21 19:28:40
Modified files:
mail/fetchmail : Makefile distinfo
mail/fetchmail/patches: patch-Makefile_in patch-configure
Log message:
security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt
"This might be exploitable to inject code if
- fetchmail is run in verbose mode
AND
- the host running fetchmail considers char signed
AND
- the server uses malicious certificates with non-printing characters
that have the high bit set
AND
- these certificates manage to inject shell-code that consists purely of
printable characters.
It is believed to be difficult to achieve all this."
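
The signed-char condition named in the log message, as an added example that is not part of the commit or of fetchmail's source: it measures how many bytes a `\xNN` escape really takes when a high-bit byte is formatted through a signed char, next to the hardened form that converts through unsigned char first. The one-byte-per-printable, four-bytes-per-escape budget, the function names, the sample name and the 32-bit int are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample: a certificate-style name with bytes >= 0x80. */
static const unsigned char SAMPLE_NAME[] = { 'C','N','=', 0xe9, 0x80, 0x01, 'x' };

/* Escape length when the byte is held in a signed char (the defect pattern). */
static size_t esc_len_signed(unsigned char byte)
{
    signed char c = (signed char)byte;      /* models a signed-char platform */
    char out[16];
    /* Sign extension: 0x80 becomes 0xffffff80 with a 32-bit int. */
    return (size_t)snprintf(out, sizeof out, "\\x%02x", (unsigned int)c);
}

/* Escape length after converting through unsigned char first (hardened). */
static size_t esc_len_unsigned(unsigned char byte)
{
    char out[16];
    return (size_t)snprintf(out, sizeof out, "\\x%02x", (unsigned int)byte);
}

static int printable(unsigned char b) { return b >= 0x20 && b < 0x7f; }

/* Bytes reserved if the caller budgets 1 per printable byte, 4 per escape. */
size_t budgeted(const unsigned char *s, size_t n)
{
    size_t total = 1;                       /* terminating NUL */
    for (size_t i = 0; i < n; i++)
        total += printable(s[i]) ? 1 : 4;
    return total;
}

/* Bytes the formatter needs; signed_char selects the escape routine. */
size_t needed(const unsigned char *s, size_t n, int signed_char)
{
    size_t total = 1;
    for (size_t i = 0; i < n; i++)
        total += printable(s[i]) ? 1
               : signed_char ? esc_len_signed(s[i]) : esc_len_unsigned(s[i]);
    return total;
}

int main(void)
{
    size_t n = sizeof SAMPLE_NAME;
    printf("budget=%zu signed=%zu unsigned=%zu\n", budgeted(SAMPLE_NAME, n),
           needed(SAMPLE_NAME, n, 1), needed(SAMPLE_NAME, n, 0));
    return 0;
}
```

Low bytes such as 0x01 still fit the four-byte budget either way; only bytes with the high bit set exceed it, which matches the condition list in the log message.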