Summary: | <net-mail/fetchmail-6.4.22: STARTTLS encryption bypass | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | voyageur |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.fetchmail.info/fetchmail-SA-2021-02.txt | ||
Whiteboard: | B4 [glsa+] | ||
Package list: |
net-mail/fetchmail-6.4.22
|
Runtime testing required: | --- |
Description
John Helmert III
2021-08-27 14:47:54 UTC
6.4.22 is out now, adding to tree Unable to check for sanity:
> no match for package: net-mail/fetchmail-6.4.22
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fb83568b8a4afa8a665ce16b57c45086d70157a commit 3fb83568b8a4afa8a665ce16b57c45086d70157a Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2021-09-15 10:24:11 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2021-09-15 10:35:41 +0000 net-mail/fetchmail: 6.4.22 bump Bug: https://bugs.gentoo.org/810676 Package-Manager: Portage-3.0.23, Repoman-3.0.3 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> net-mail/fetchmail/Manifest | 1 + net-mail/fetchmail/fetchmail-6.4.22.ebuild | 107 +++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) Keywords are not fully specified and arches are not CC-ed for the following packages: - =net-mail/fetchmail-6.4.22 No vulnerable versions remain in tree, so cleanup already done. Encryption bypass is rather important, so maybe glsa? (In reply to 9ts641j2 from comment #5) > No vulnerable versions remain in tree, so cleanup already done. Encryption > bypass is rather important, so maybe glsa? Thanks! GLSA request filed GLSA released, all done! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=10e37684de32c903d014e181ca429e2850397264 commit 10e37684de32c903d014e181ca429e2850397264 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-25 13:35:56 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-25 13:42:21 +0000 [ GLSA 202209-14 ] Fetchmail: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/804921 Bug: https://bugs.gentoo.org/810676 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-14.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) |