Bug 37717 - Fetchmail 6.2.5 fixes a remote DoS
Summary: Fetchmail 6.2.5 fixes a remote DoS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All Linux
Importance: Highest critical
Assignee: Gentoo Security
URL: http://xforce.iss.net/xforce/xfdb/13450
Reported: 2004-01-09 10:50 UTC by Gustavo Zacarias (RETIRED)
Modified: 2004-03-31 00:16 UTC
Description Gustavo Zacarias (RETIRED) gentoo-dev 2004-01-09 10:50:53 UTC
A specially-crafted email can make fetchmail crash.
Check:
http://xforce.iss.net/xforce/xfdb/13450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792
Comment 1 Martin Holzer (RETIRED) gentoo-dev 2004-02-09 13:09:09 UTC
6.2.5 is in cvs
Comment 2 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-03-26 13:21:17 UTC
Is this getting moved to stable anytime soon?
Comment 3 Seemant Kulleen (RETIRED) gentoo-dev 2004-03-26 13:43:13 UTC
stabled on x86
Comment 4 Seemant Kulleen (RETIRED) gentoo-dev 2004-03-26 13:44:08 UTC
The problem will be the alpha arch, because 6.2.5 appears masked on alpha, but earlier versions are stable on there. Can we get some alpha people on this?
Comment 5 Jay Maynard (RETIRED) gentoo-dev 2004-03-26 15:45:16 UTC
Unable to reproduce the header corruption that resulted in 6.2.4 being masked on Alpha. Marked stable.
Comment 6 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-03-29 18:08:21 UTC
I've submitted a draft GLSA for this bug (id ddc13b8a4b951395bc251f69ef1920e9).

I don't much like the Description field in the GLSA, but I couldn't find any more detailed information to include. :-/
Comment 7 Kurt Lieber (RETIRED) gentoo-dev 2004-03-29 23:35:46 UTC
PPC -- latest stable version of fetchmail for ppc is 5.9.14.  Can someone look at 6.2.5 and see if it can be marked stable?

AMD64 -- the 6.2.5 ebuild has amd64-specific stuff in it ("use amd64" fex) but there are no amd64 keywords.  Can you double-check?

Also adding other arches.  
Comment 8 Lars Weiler (RETIRED) gentoo-dev 2004-03-30 03:39:03 UTC
It's now stable on ppc.  Removing from Cc.
Comment 9 Jon Portnoy (RETIRED) gentoo-dev 2004-03-30 06:47:56 UTC
Stable on AMD64
Comment 10 Kurt Lieber (RETIRED) gentoo-dev 2004-03-31 00:16:10 UTC
GLSA 200403-10