[pkg-fetchmail-maint] Bug#569207: fetchmail: NEWS.Debian is not a changelog

Frank Küster frank at debian.org
Wed Feb 10 19:18:01 UTC 2010 

Package: fetchmail
Version: 6.3.13-2
Severity: normal

The latest upgrade presented this as its NEWS.Debian:

fetchmail (6.3.13-1) unstable; urgency=low

   This includes all changes since 6.3.6
   Fix KPOP regression.
   Fix manual page: --sslcheck -> --sslcertck
   Make the APOP challenge parser more distrustful to prevent MiM attacks.
   Add sslcommonname option as a way to work around misconfigured upstream SSL servers.
   Fixed CVE-2007-4565: Denial of service.
   Fixed CVE-2008-2711: Denial of service.
   When expunging, mark the right messages as seen to avoid message loss in "keep flush" configurations.
   SSL fix: close memory leak when SSL connection fails.
   Make the comparison of the SSL fingerprints case insensitive, to ease its use.
   The sleeping at/awakened at messages appear in logfiles and syslog only if verbose mode is enabled.
   fetchmail only requests IPv6 addresses via name service if at least one is configured on the local host, likewise for IPv4.
   If the server name contains "yahoo.com", offers the "ID" capability, and we're polling via IMAP, send an ID ("guid" "1") transaction first, ignoring its result.
   Fetchmail no longer drops permanently undelivered messages by default, to match historic documentation.
   There is a new "softbounce" global option that prevents the deletion of messages that have not been forwarded. It defaults to "true" for fetchmail 6.3.X in order to match historic documentation.
   Fixed CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a part of a X.509 certificate's CommonName and subjectAltName fields.

 -- Hector Garcia <hector at debian.org>  Mon, 2 Feb 2010 23:24:29 +0100

This is not a suitable NEWS entry, neither in terms of content nor
proper form.  See the explanation at

file:///usr/share/doc/developers-reference/best-pkging-practices.html#bpp-news-debian

Thanks in advance, Frank

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash

Versions of packages fetchmail depends on:
ii  adduser                3.112             add and remove users and groups
ii  debianutils            3.2.2             Miscellaneous utilities specific t
ii  libc6                  2.10.2-2          GNU C Library: Shared libraries
ii  libcomerr2             1.41.9-1          common error description library
ii  libgssapi-krb5-2       1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - k
ii  libk5crypto3           1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries - C
ii  libkrb5-3              1.8+dfsg~alpha1-5 MIT Kerberos runtime libraries
ii  libssl0.9.8            0.9.8k-8          SSL shared libraries
ii  lsb-base               3.2-23            Linux Standard Base 3.2 init scrip

Versions of packages fetchmail recommends:
ii  ca-certificates               20090814   Common CA certificates

Versions of packages fetchmail suggests:
ii  exim4                         4.71-3     metapackage to ease Exim MTA (v4) 
ii  exim4-daemon-light [mail-tran 4.71-3     lightweight Exim MTA (v4) daemon
ii  fetchmailconf                 6.3.13-2   fetchmail configurator
pn  resolvconf                    <none>     (no description available)

-- no debconf information

-- 
Dr. Frank Küster
Debian Developer (TeXLive)
VCD Aschaffenburg-Miltenberg, ADFC Miltenberg
B90/Grüne KV Miltenberg

More information about the pkg-fetchmail-maint mailing list