[pkg-fetchmail-maint] Bug#336096: fixed in fetchmail 6.2.5.4-1
Loic Minier
lool at dooz.org
Tue Nov 15 19:43:03 UTC 2005
reopen 336096
tags 336096 + sarge
retitle 336096 [sarge] CVE-2005-3088 - password exposure in fetchmailconf
tags 336096 + pending
thanks
On Tue, Nov 15, 2005, Loic Minier wrote:
> Source: fetchmail
> Source-Version: 6.2.5.4-1
>
> We believe that the bug you reported is fixed in the latest version of
> fetchmail, which is due to be installed in the Debian FTP archive:
>
> fetchmail-ssl_6.2.5.4-1_all.deb
> to pool/main/f/fetchmail/fetchmail-ssl_6.2.5.4-1_all.deb
> fetchmail_6.2.5.4-1.diff.gz
> to pool/main/f/fetchmail/fetchmail_6.2.5.4-1.diff.gz
> fetchmail_6.2.5.4-1.dsc
> to pool/main/f/fetchmail/fetchmail_6.2.5.4-1.dsc
> fetchmail_6.2.5.4-1_i386.deb
> to pool/main/f/fetchmail/fetchmail_6.2.5.4-1_i386.deb
> fetchmail_6.2.5.4.orig.tar.gz
> to pool/main/f/fetchmail/fetchmail_6.2.5.4.orig.tar.gz
> fetchmailconf_6.2.5.4-1_all.deb
> to pool/main/f/fetchmail/fetchmailconf_6.2.5.4-1_all.deb
>
>
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed. If you
> have further comments please address them to 336096 at bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Loic Minier <lool at dooz.org> (supplier of updated fetchmail package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmaster at debian.org)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Format: 1.7
> Date: Tue, 15 Nov 2005 18:53:37 +0100
> Source: fetchmail
> Binary: fetchmailconf fetchmail-ssl fetchmail
> Architecture: source i386 all
> Version: 6.2.5.4-1
> Distribution: unstable
> Urgency: high
> Maintainer: Fetchmail Maintainers <pkg-fetchmail-maint at lists.alioth.debian.org>
> Changed-By: Loic Minier <lool at dooz.org>
> Description:
> fetchmail - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
> fetchmail-ssl - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
> fetchmailconf - fetchmail configurator
> Closes: 288063 314509 321272 323637 330522 336096
> Changes:
> fetchmail (6.2.5.4-1) unstable; urgency=high
> .
> [ Lucas Wall ]
> - pidfile checking in init.d script (closes: #323637).
> .
> [ Nico Golde ]
> - Only create fetchmail user if it doesn't exist (closes: #330522,#321272).
> - respect the permissions of fetchmail home.
> - rebuild against latest openssl version.
> - removed deletion of /etc/fetchmailrc,
> see statement in BTS. (closes: #288063).
> - adjusted legal notes (Thanks Marc Brockschmidt for the hint).
> .
> [ Loic Minier ]
> * New upstream stable releases.
> - Fix password exposure in fetchmailconf: use umask 077 before opening
> output file and restore umask later. (Closes: #336096)
> This is CVE-2005-3088.
> - Drop 01pop3sec.dpatch, included upstream.
> - Fix IMAP timeouts, counting message count down on servers that do not
> send EXISTS counts after EXPUNGE. (Closes: #314509)
> - Unlist Spanish translation patch for now, as the Spanish translation was
> completely destroyed upstream.
> * Add myself to Uploaders.
> Files:
> 6e5f306aed047dc28e87bf7651357ebe 858 mail optional fetchmail_6.2.5.4-1.dsc
> 16af4db00e200445a55e6f7a9a267649 1275624 mail optional fetchmail_6.2.5.4.orig.tar.gz
> 5b6d534009350e90a5fd0cfa432cf30e 79388 mail optional fetchmail_6.2.5.4-1.diff.gz
> 93f0fb1c89dc716a7f28c874535faabf 104398 mail optional fetchmailconf_6.2.5.4-1_all.deb
> 48c68a538716d9ab63db700f15f0dd1a 45070 mail optional fetchmail-ssl_6.2.5.4-1_all.deb
> 68e50437e01725fccee667763ac2573e 290118 mail optional fetchmail_6.2.5.4-1_i386.deb
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFDeiIJ4VUX8isJIMARAtgNAJoDdUQpIE08bCigJ/8jSW8TT1rh7wCfYCDb
> SIKaKIeMQQ9TUY+Y0GKzY/Y=
> =uedC
> -----END PGP SIGNATURE-----
>
>
>
--
Loïc Minier <lool at dooz.org>
"What do we want? BRAINS! When do we want it? BRAINS!"
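
The changelog entry for CVE-2005-3088 describes the fix as setting umask 077 before opening the output file and restoring the umask afterwards. The sketch below is an added example, not fetchmailconf's own code and not part of the original message; the function names, file names and sample configuration line are hypothetical, and it compares the mode of a file created under a permissive umask with one created using that pattern.

```python
import os
import stat
import tempfile


def write_with_default_umask(path, text):
    """Pre-fix pattern: the new file's mode is whatever the caller's umask allows."""
    with open(path, "w") as fh:
        fh.write(text)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_private(path, text):
    """Pattern named in the changelog: umask 077 before opening, restore afterwards."""
    old_umask = os.umask(0o077)
    try:
        with open(path, "w") as fh:  # created as 0666 & ~0077 = 0600
            fh.write(text)
    finally:
        os.umask(old_umask)  # restore even if the write fails
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    # Constructed sample configuration; host, user and password are made up.
    sample = 'poll mail.example.org user "alice" password "constructed-secret"\n'
    saved = os.umask(0o022)  # simulate a typical permissive login umask
    try:
        with tempfile.TemporaryDirectory() as d:
            loose = write_with_default_umask(os.path.join(d, "loose.rc"), sample)
            tight = write_private(os.path.join(d, "private.rc"), sample)
            after = os.umask(0o022)  # read the umask back to show it was restored
    finally:
        os.umask(saved)
    return loose, tight, after


if __name__ == "__main__":
    loose, tight, after = demo()
    print(f"default umask: {loose:04o}  umask 077: {tight:04o}  restored: {after:04o}")
```

The umask only affects files at creation time, so a file that already exists with wider permissions keeps them when it is reopened for writing.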