| Summary: | <net-mail/fetchmail-6.4.20: Denial of service when fetching long messages (CVE-2021-36386) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | voyageur |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.fetchmail.info/fetchmail-SA-2021-01.txt | | |
| Whiteboard: | B3 [glsa+] | | |
| Package list: | net-mail/fetchmail-6.4.21-r1 | | |
| Runtime testing required: | --- | | |

Description
Sam James
2021-07-28 21:40:08 UTC
Package list is empty or all packages have requested keywords.

6.4.20 only contains the mentioned security fix on top of our current stable 6.4.19, so we can bump and mark it stable safely.

(In reply to Bernard Cafarelli from comment #9)
> 6.4.20 only contains the mentioned security fix on top of our current stable
> 6.4.19, so we can bump and mark it stable safely.

Thank you!

x86 done

sparc stable

amd64 done

arm done

ppc64 done

ppc done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f190d1fd7da098624e5f9bed8f534c53b07d91c

commit 1f190d1fd7da098624e5f9bed8f534c53b07d91c
Author: Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2021-08-03 19:58:27 +0000
Commit: Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2021-08-03 19:58:27 +0000

net-mail/fetchmail: drop vulnerable version

Bug: https://bugs.gentoo.org/804921
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

net-mail/fetchmail/Manifest | 1 -
net-mail/fetchmail/fetchmail-6.4.19.ebuild | 107 -----------------------------
2 files changed, 108 deletions(-)

Thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfcd4678edd09ba6315f6d4fd358455772e2f957

commit dfcd4678edd09ba6315f6d4fd358455772e2f957
Author: Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2021-08-21 16:07:08 +0000
Commit: Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2021-08-21 16:07:23 +0000

net-mail/fetchmail: 6.4.21 direct stable bump

This is a regression fix on security stable 6.4.20, see upstream README

Bug: https://bugs.gentoo.org/804921
Package-Manager: Portage-3.0.20, Repoman-3.0.3
RepoMan-Options: --force
Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

net-mail/fetchmail/Manifest | 2 +-
net-mail/fetchmail/{fetchmail-6.4.20.ebuild => fetchmail-6.4.21.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)

Unable to check for sanity:
> no match for package: net-mail/fetchmail-6.4.20
Unable to check for sanity:
> no match for package: net-mail/fetchmail-6.4.21

GLSA request filed

GLSA released, all done!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=10e37684de32c903d014e181ca429e2850397264

commit 10e37684de32c903d014e181ca429e2850397264
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-25 13:35:56 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-25 13:42:21 +0000

[ GLSA 202209-14 ] Fetchmail: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/804921
Bug: https://bugs.gentoo.org/810676
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202209-14.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)