Bug#: 253871
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Chan Min Wai <dcmwai@pl.jaring.my>

Description:   Opened: 2009-01-05 16:27 0000
Security issue update to 6.3.9.

Reproducible: Always

------- Comment #1 From Torsten Veller 2009-01-05 17:16:12 0000 -------
CVE-2007-4565 was bug 191154
CVE-2008-2711 was bug 227105
Both fixed.


FYI: There are two further issues listed under
"SECURITY AND CRITICAL BUG FIXES" (see URL):

* When expunging, mark the right messages as seen to avoid message loss in
  "keep flush" configurations.  Workaround for previous versions: "expunge 0".
  Report and patch by Alexander Cherepanov - thanks a lot, Berlios Bug #11797,
  "imap_mark_seen doesn't consider expunged messages".
* SSL fix: close memory leak when SSL connection fails; fetchmail used to
  forget calling SSL_free() on the SSL context, leaking in excess of 500 kB
  RAM on a x86_64 system per failed SSL connection attempt.
  Bug reported and patch provided by Seiichi Ikarashi, Fujitsu.

------- Comment #2 From Craig (Security Padawan) 2009-01-05 21:46:56 0000 -------
Arches, please test and mark stable:
Package: '=net-mail/fetchmail-6.3.9'
Target Keywords: "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 x86-fbsd"

------- Comment #3 From Tobias Scherbaum 2009-01-05 21:56:51 0000 -------
(In reply to comment #2)
> Arches, please test and mark stable:
> Package: '=net-mail/fetchmail-6.3.9'
> Target Keywords: "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 x86-fbsd"
> 

why - if both issues are already fixed for the current stable version?

------- Comment #4 From Craig (Security Padawan) 2009-01-05 22:44:11 0000 -------
Sorry, uhm, what's wrong with me, I failed hard here. :(

Well, I think we should still stabilize because of the "SSL fix".

------- Comment #5 From Tobias Scherbaum 2009-01-06 17:11:51 0000 -------
(In reply to comment #4)
> Sorry, uhm, what's wrong with me, I failed hard here. :(
> 
> Well, I think we should still stabilize because of the "SSL fix".
> 

hrm, well ... let's do it

------- Comment #6 From Tobias Scherbaum 2009-01-06 17:15:28 0000 -------
(In reply to comment #5)
> hrm, well ... let's do it

that being said, ppc stable 

------- Comment #7 From Craig (Security Padawan) 2009-01-06 18:01:35 0000 -------
I forgot to click "Add Archs" button, too. :/

------- Comment #8 From Robert Buchholz 2009-01-06 19:01:08 0000 -------
no mips, no no....

------- Comment #9 From Brent Baude 2009-01-06 19:55:08 0000 -------
ppc64 done

------- Comment #10 From Jeroen Roovers 2009-01-07 15:42:42 0000 -------
Stable for HPPA

------- Comment #11 From Alexis Ballier 2009-01-07 15:44:27 0000 -------
(In reply to comment #8)
> no mips, no no....
> 

neither bsd afaik

------- Comment #12 From Raúl Porcel 2009-01-07 18:26:19 0000 -------
alpha/ia64/sparc/x86 stable

------- Comment #13 From Markus Meier 2009-01-10 10:12:06 0000 -------
amd64 stable

------- Comment #14 From Pierre-Yves Rofes 2009-01-11 14:21:03 0000 -------
The SSL issue is a client-side DOS, so I close it as noglsa per policy. Feel
free to reopen if you disagree.
