Details at URL. Fixes in apparently unreleased 6.4.22, but also in 6.4.22_rc1.
6.4.22 is out now, adding to tree
Unable to check for sanity: > no match for package: net-mail/fetchmail-6.4.22
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fb83568b8a4afa8a665ce16b57c45086d70157a commit 3fb83568b8a4afa8a665ce16b57c45086d70157a Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2021-09-15 10:24:11 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2021-09-15 10:35:41 +0000 net-mail/fetchmail: 6.4.22 bump Bug: https://bugs.gentoo.org/810676 Package-Manager: Portage-3.0.23, Repoman-3.0.3 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> net-mail/fetchmail/Manifest | 1 + net-mail/fetchmail/fetchmail-6.4.22.ebuild | 107 +++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+)
Keywords are not fully specified and arches are not CC-ed for the following packages: - =net-mail/fetchmail-6.4.22
No vulnerable versions remain in tree, so cleanup already done. Encryption bypass is rather important, so maybe glsa?
(In reply to 9ts641j2 from comment #5) > No vulnerable versions remain in tree, so cleanup already done. Encryption > bypass is rather important, so maybe glsa? Thanks!
GLSA request filed
GLSA released, all done!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=10e37684de32c903d014e181ca429e2850397264 commit 10e37684de32c903d014e181ca429e2850397264 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-25 13:35:56 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-25 13:42:21 +0000 [ GLSA 202209-14 ] Fetchmail: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/804921 Bug: https://bugs.gentoo.org/810676 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-14.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)