fetchmail-friends

Re: [fetchmail]The 5.9.10 release of fetchmail is available

2002-05-24 04:16:15
Nalin Dahyabhai <nalin(_at_)redhat(_dot_)com>:
> On Sun, Mar 10, 2002 at 07:02:29PM -0500, Eric S. Raymond wrote:
> > fetchmail-5.9.10 (Sun Mar 10 15:09:57 EST 2002), 21529 lines:
> >
> > * Security fix: don't trust the message count passed back by the server.
>
> While testing, we seem to have discovered a similar bug which allows a
> malicious server to crash 5.9.10 on 64-bit boxes (or on systems where
> sizeof(size_t) != sizeof(int), which is the case on the 64-bit boxes we
> have here).  I'm attaching our candidate patch.  Comments?

Looks good.  Taken.
-- 
                <a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>
