fetchmail-friends
[Top] [All Lists]

[fetchmail]fetchmail 6.3.2-rc4 final release candidate

2006-01-18 21:12:41
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

a recently reported Debian bug spoiled my plans to have -rc3 as the
final release candidate, but I hope it was the penultimate - to avoid
embarrassment with the final 6.3.2, I've chosen to insert -rc4.

This release candidate fixes a segfault after sending a bounce.

This release candidate (#4) for 6.3.2 is available from
http://mandree.home.pages.de/fetchmail/

I have requested a CVE Id from MITRE to track this problem and will add
it to the security announcement before 6.3.2 release.

Changes in fetchmail 6.3.2-rc4 (from -rc3):

# SECURITY FIX IN THIS RELEASE
* CVE-2006-XXXX: Fix segfault or bus error after bouncing a message.  This bug
  was introduced into 6.3.0 when removing alloca(); it caused fetchmail to free
  random memory.  Reported by Nathaniel W. Turner, Debian Bug#348747.
  See fetchmail-SA-2006-01.txt

# CHANGES RELEVANT TO PACKAGERS:
* Added fetchmail-SA-2006-01.txt to the distribution.

Happy fetchmailing,
Matthias Andree
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFDzxDdvmGDOQUufZURAiVYAJ4q2xxCuGVrxcP+VJ/fronZz7R/twCgsJXS
jVwe62uMCA+5wYN2iIQ5F1Y=
=V2fc
-----END PGP SIGNATURE-----

_______________________________________________
Fetchmail-friends mailing list
Fetchmail-friends(_at_)lists(_dot_)ccil(_dot_)org
http://lists.ccil.org/cgi-bin/mailman/listinfo/fetchmail-friends

<Prev in Thread] Current Thread [Next in Thread>
  • [fetchmail]fetchmail 6.3.2-rc4 final release candidate, Matthias Andree <=