[pkg-fetchmail-maint] Bug#440006: CVE-2007-4565: Denial of Service attack in Fetchmail
Thijs Kinkhorst
thijs at debian.org
Wed Aug 29 06:51:30 UTC 2007
Package: fetchmail
Severity: important
Tags: security
Hi!
A DoS attack in fetchmail has been publicised:
> fetchmail before 6.3.9 allows context-dependent attackers to cause a denial
> of service (NULL dereference and application crash) by refusing certain
> warning messages that are sent over SMTP.
This upstream URL has details and references which commit fixes it:
http://mknod.org/svn/fetchmail/branches/BRANCH_6-3/fetchmail-SA-2007-02.txt
Please update your package, and mention CVE-2007-4565 in your changelog. It
would be good if you could assess the severity of this attack in the light of
updating stable/oldstable.
thanks
Thijs