fetchmail-friends

Re: [fetchmail]The 5.9.10 release of fetchmail is available

2002-05-07 18:38:08
On Sun, Mar 10, 2002 at 07:02:29PM -0500, Eric S. Raymond wrote:
> fetchmail-5.9.10 (Sun Mar 10 15:09:57 EST 2002), 21529 lines:
>
> * Security fix: don't trust the message count passed back by the server.

While testing, we seem to have discovered a similar bug which allows a
malicious server to crash 5.9.10 on 64-bit boxes (or on systems where
sizeof(size_t) != sizeof(int), which is the case on the 64-bit boxes we
have here).  I'm attaching our candidate patch.  Comments?

Nalin

Attachment: fetchmail-5.9.10-64bitfix.patch
Description: Text document
