From oss-security:
fetchmail-SA-2012-02: DoS possible with NTLM authentication in debug mode
Topics: fetchmail denial of service in NTLM protocol phase
Author: Matthias Andree
Version: draft
Announced: 2012-08-13
Type: crash while reading from bad memory location
Impact: fetchmail segfaults and aborts, stalling inbound mail
Danger: low
Acknowledgment: J. Porter Clark
CVE Name: (TBD)
URL: http://www.fetchmail.info/fetchmail-SA-2012-02.txt
Project URL: http://www.fetchmail.info/
Affects:
  - fetchmail releases 5.0.8 up to and including 6.3.21 when compiled with NTLM support enabled
Not affected:
  - fetchmail releases compiled with NTLM support disabled
  - fetchmail releases 6.3.22 and newer
Corrected in:
  2012-08-13 Git, among others, see commit 3fbc7cd331602c76f882d1b507cd05c1d824ba8b
  2012-08-xx fetchmail 6.3.22 release tarball
6.3.22 added to CVS.
(In reply to comment #1)
> 6.3.22 added to CVS.
Thanks, Tim. May we proceed with stabilization?
(In reply to comment #2)
> Thanks, Tim. May we proceed with stabilization?
Of course.
Thanks. Arches, please test and mark stable:
=net-mail/fetchmail-6.3.22
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
x86: compile, test, run, repoman OK
amd64 stable
x86 stable
arm stable
alpha/ia64/s390/sh/sparc stable
ppc64 stable
ppc done
Thanks, everyone. GLSA vote: no.
GLSA Vote: no. Closing noglsa.