Security issue update to 6.3.9.
CVE-2007-4565 was bug 191154
CVE-2008-2711 was bug 227105
FYI: There are two further issues listed under
"SECURITY AND CRITICAL BUG FIXES" (see URL):
* When expunging, mark the right messages as seen to avoid message loss in "keep
flush" configurations. Workaround for previous versions: "expunge 0".
Report and patch by Alexander Cherepanov - thanks a lot, Berlios Bug #11797,
"imap_mark_seen doesn't consider expunged messages".
* SSL fix: close memory leak when SSL connection fails; fetchmail used to forget
calling SSL_free() on the SSL context, leaking in excess of 500 kB RAM on a
x86_64 system per failed SSL connection attempt.
Bug reported and patch provided by Seiichi Ikarashi, Fujitsu.
Arches, please test and mark stable:
Target Keywords: "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86 x86-fbsd"
(In reply to comment #2)
> Arches, please test and mark stable:
> Package: '=net-mail/fetchmail-6.3.9'
> Target Keywords: "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86
why - if both issues are already fixed for the current stable version?
Sorry, uhm, what's wrong with me, I failed hard here. :(
Well, I think we should still stabilize because of the "SSL fix".
(In reply to comment #4)
> Sorry, uhm, what's wrong with me, I failed hard here. :(
> Well, I think we should still stabilize because of the "SSL fix".
hrm, well ... let's do it
(In reply to comment #5)
> hrm, well ... let's do it
that being said, ppc stable
I forgot to click "Add Archs" button, too. :/
no mips, no no....
Stable for HPPA
(In reply to comment #8)
> no mips, no no....
neither bsd afaik
The SSL issue is a client-side DOS, so I close it as noglsa per policy. Feel free to reopen if you disagree.