12141 – fetchmail <= 6.1.3 vulnerable

Bug 12141 - fetchmail <= 6.1.3 vulnerable

Summary: fetchmail <= 6.1.3 vulnerable

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	x86 Linux

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:	http://security.e-matters.de/advisori...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-12-14 06:18 UTC by Tobias
Modified:	2003-02-04 19:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias 2002-12-14 06:18:56 UTC

as reported by 'Stefan Esser' (to bugtraq), fetchmail <= 6.1.3 is vulnerable 
to buffer overflows and additional, fetchmail can be crashed remotely.

as reported by the author of the given advisory, fetchmail 6.2.0 is available 
and not affected, so me and (i guess) quite a few others would be happy if you 
could update the fetchmail ebuild.

thanks & goodbye
tobij

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2002-12-15 07:08:00 UTC

6.2.0 is in the tree and glsa send. Thanks for reporting this!