[pkg-fetchmail-maint] Bug#343836: Security: DoS attack possible -
crashes on empty message
Matthias Andree
matthias.andree at gmx.de
Wed Dec 21 16:04:05 UTC 2005
Martin Schulze wrote:
> The patch does not apply though, since xfree() is unknown in version 6.2.5.
> I assume that the xfree only frees the memory when it is not NULL and sets
> the variable to NULL again, so the attached patch should do the same and apply
> to the version in Debian sarge/etch/sid.
Whoops, my apologies. Your assumptions are right, we are using this macro,
which is part of fetchmail 6.2.5.5's transact.c:
#define xfree(p) { if (p) { free(p); (p) = 0; } }
It is perhaps easier to advance to fetchmail 6.2.5.5. The number of changes
is low, and all changes either add documentation or fix important bugs.
While 6.2.5 on Debian may not need the Solaris or gettext build fix of the
day, I haven't yet heard of problems introduced that way. OTOH, I don't know
how many people have gone for 6.3.X right away.
The changelog vs. 6.2.5 is at <http://mandree.home.pages.de/fetchmail/NEWS.txt>
HTH,
Matthias
More information about the pkg-fetchmail-maint
mailing list