-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
a recently reported Debian bug spoiled my plans to have -rc3 as the
final release candidate, but I hope it was the penultimate - to avoid
embarrassment with the final 6.3.2, I've chosen to insert -rc4.
This release candidate fixes a segfault after sending a bounce.
This release candidate (#4) for 6.3.2 is available from
http://mandree.home.pages.de/fetchmail/
I have requested a CVE Id from MITRE to track this problem and will add
it to the security announcement before 6.3.2 release.
Changes in fetchmail 6.3.2-rc4 (from -rc3):
# SECURITY FIX IN THIS RELEASE
* CVE-2006-XXXX: Fix segfault or bus error after bouncing a message. This bug
was introduced into 6.3.0 when removing alloca(); it caused fetchmail to free
random memory. Reported by Nathaniel W. Turner, Debian Bug#348747.
See fetchmail-SA-2006-01.txt
# CHANGES RELEVANT TO PACKAGERS:
* Added fetchmail-SA-2006-01.txt to the distribution.
Happy fetchmailing,
Matthias Andree
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFDzxDdvmGDOQUufZURAiVYAJ4q2xxCuGVrxcP+VJ/fronZz7R/twCgsJXS
jVwe62uMCA+5wYN2iIQ5F1Y=
=V2fc
-----END PGP SIGNATURE-----
_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends