fetchmail-friends

[fetchmail]fetchmail 6.2.5.5 legacy release fixes Denial of Service bug

2005-12-19 04:30:49

Greetings,

I am announcing the release of fetchmail 6.2.5.5.

This release fixes a denial of service bug/fetchmail crash in multidrop
mode, plugs a socket leak when SSL negotiation fails and adds the three
security announcements from 2005 that the project issued so far.

The software is available from:
<https://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=8403>

fetchmail-6.2.5.X is a security fix branch that forked off
fetchmail-6.2.5. It does not change for anything but security and the
most severe bug fixes.

Note this 6.2.5.X branch is going to be discontinued in early 2006; all
users are advised to upgrade to the new 6.3.1 fetchmail release instead.
There have been very few incompatible changes, most sites should be
unaffected. 6.3.1 however fixes dozens of bugs (literally) that 6.2.5.5
still has. fetchmail 6.3.1 is available from
<https://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=8405>

These are the relevant changes in 6.2.5.5 since (and excluding) 6.2.5.4:

* SECURITY FIX CVE-2005-4348: fix null pointer dereference in
  multidrop mode when the message is empty. Reported by Daniel Drake
  <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others
  (Debian Bug #343836). Fix by Sunil Shetye.
* Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation
  fails. Fix suggested by Goswin Brederlow.
* Add fetchmail-SA-2005-{01,02,03}.txt

Regards,

-- 
Matthias Andree

_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends
