SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for fetchmail-6.3.8-2tr.i586.rpm :
Thu Sep 20 14:00:00 2007 Nived Gopalan 6.3.8-2tr
- SECURITY Fix: An error exists in fetchmail which allows
context-dependent attackers to cause a denial of service (NULL
dereference and application crash) by refusing certain warning
messages that are sent over SMTP.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-4565 to this issue.

Fri May 18 14:00:00 2007 Bipin S 6.3.8-1tr
- New upsteam.
- SECURITY Fix: A weakness has been identified which is caused
by an error in the APOP protocol that fails to properly prevent
MD5 collisions, which could be exploited via man-in-the-middle
attacks and specially crafted message-IDs to potentially disclose
the first three characters of passwords.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-1558 to this issue.

Mon Feb 26 13:00:00 2007 Nived Gopalan
- Rebuilt

Fri Feb 9 13:00:00 2007 Bipin S 6.3.6-1tr
- New Upstream.
- SECURITY Fix: Fetchmail does not properly enforce TLS and may
transmit cleartext passwords over unsecured links if certain
circumstances occur, which allows remote attackers to obtain
sensitive information via man-in-the-middle (MITM) attacks.
- A vulnerability has been reported in Fetchmail caused due to
a NULL pointer dereference error when rejecting a message sent
to an MDA, which could be exploited by attackers to cause a
denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-5867 and CVE-2006-5974 to these issues.

Thu Jun 15 14:00:00 2006 Nived Gopalan 6.3.4-1tr
- New Upstream.

Thu Jan 5 13:00:00 2006 Nived Gopalan 6.2.5.5-1tr
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in Fetchmail caused due
to a null pointer dereferencing error when handling a message without
email headers. This can be exploited to crash Fetchmail when the
upstream mail server sends a message without headers.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-4348 to this issue.

Fri Oct 21 14:00:00 2005 Ajith Thampi 6.2.5.2-3tr
- Added PreReq of chkconfig

Tue Aug 2 14:00:00 2005 Ajith Thampi 6.2.5.2-2tr
- Added fetchmail.init (by Olaf Rempel)
- Enabled support for ipv6
- Added a sample fetchmailrc for usage
- Fixed BuildRequires, Bug #1138

Mon Jul 25 14:00:00 2005 Syed Shabir Zakiullah 6.2.5.2-1tr
- New Upstream
- Security Fix: Remote code injection vulnerability in fetchmail
- The POP3 code that deals with UIDs (from the UIDL) reads the responses returned
by the POP3 server into fixed-size buffers allocated on the stack, without
limiting the input length to the buffer size. A compromised or malicious POP3
server can thus overrun fetchmail\'s stack. This affects POP3 and all of its
variants, for instance but not limited to APOP

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-2335 to this issue.

Mon May 30 14:00:00 2005 Bipin 6.2.5-1tr
- New entry into TSL-3.0 official

Fri May 27 14:00:00 2005 Ajith Thampi 6.2.5-2ta
- Removed the fetchmailconf binary as it is no more needed.
- Added ssl support and fallback to procmail
- placing man pages into mandir as expected

Wed Apr 13 14:00:00 2005 Thushara Gopalakrishnan 6.2.5-1th
- Initial release


  
ICM