Bug 318875 (CVE-2010-1167)

Summary:	<net-mail/fetchmail-6.3.17: Denial of service in debug mode w/ multichar locales (CVE-2010-1167)
Product:	Gentoo Security	Reporter:	Torsten Veller (RETIRED) <tove>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	net-mail+disabled, tomas.caithaml
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://fetchmail.berlios.de/fetchmail-SA-2010-02.txt
Whiteboard:	C3 [noglsa]
Package list:		Runtime testing required:	---

Description Torsten Veller (RETIRED) gentoo-dev

2010-05-07 15:49:48 UTC

net-mail/fetchmail-6.3.17 is in the tree and works for me.

Consider early stabilization for:

alpha@gentoo.org amd64@gentoo.org arm@gentoo.org hppa@gentoo.org ia64@gentoo.org ppc@gentoo.org ppc64@gentoo.org s390@gentoo.org sh@gentoo.org sparc@gentoo.org x86@gentoo.org

Comment 1 Tobias Heinlein (RETIRED) gentoo-dev

2010-05-07 23:52:58 UTC

Thanks, Torsten!

Arches, please test and mark stable:
=net-mail/fetchmail-6.3.17
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Comment 2 Torsten Veller (RETIRED) gentoo-dev

2010-05-08 06:52:36 UTC

x86 and amd64 stable

Comment 3 Thomas Kahle (RETIRED) gentoo-dev

2010-05-08 15:37:08 UTC

*** Bug 312867 has been marked as a duplicate of this bug. ***

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2010-05-08 17:52:12 UTC

Stable for HPPA.

Comment 5 Raúl Porcel (RETIRED) gentoo-dev

2010-05-09 18:38:25 UTC

alpha/arm/ia64/s390/sh/sparc stable

Comment 6 Brent Baude (RETIRED) gentoo-dev

2010-05-10 15:42:44 UTC

ppc64 done

Comment 7 Joe Jezak (RETIRED) gentoo-dev

2010-05-12 22:54:42 UTC

Marked ppc stable.

Comment 8 Alex Legler (RETIRED) archtester

2010-05-13 06:25:49 UTC

net-mail: Please remove old versions.

No GLSA is sent as this issue only exists in debug mode.