The 5.8.17 release of fetchmail is now available at the usual locations,
including <URL:http://www.tuxedo.org/~esr/fetchmail>.
Here are the release notes:
fetchmail-5.8.17 (Tue Aug 7 20:05:36 EDT 2001), 21056 lines:
* SECURITY FIX: Fixed a security hole that is exploitable if fetchmail is
running as root and the attacker can either subvert the mailserver or
redirect to a fake one using DNS spoofing. Bugtraq announcement to follow
soon. Thanks to Salvatore Sanfilippo <antirez(_at_)invece(_dot_)org>.
* Eliminated second bounce on failed RCPT TO address.
* Always use fetchmail host's FQDN to identify the daemon when
sending bounce messages.
* Embarrassing bug of the month -- somehow, `skip' wasn't being interpreted!
There are 367 people on fetchmail-friends and 608 on fetchmail-announce.
I'm sorry about this blizzard of point releases, but I really want 5.9.0
to be good enough for the distros to ship.
By popular demand, diffs from the previous release have been omitted.
--
<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>
The saddest life is that of a political aspirant under democracy. His
failure is ignominious and his success is disgraceful.
-- H.L. Mencken