Accepted fetchmail 6.3.2-2ubuntu2.2 (source)

[Ubuntu Installer]

Accepted:
 OK: fetchmail_6.3.2.orig.tar.gz
 OK: fetchmail_6.3.2-2ubuntu2.2.diff.gz
 OK: fetchmail_6.3.2-2ubuntu2.2.dsc
     -> Component: main Section: mail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 25 Sep 2007 12:15:38 -0400
Source: fetchmail
Binary: fetchmailconf fetchmail
Architecture: source
Version: 6.3.2-2ubuntu2.2
Distribution: dapper-security
Urgency: low
Maintainer: Jamie Strandboge <jamie at ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 fetchmail  - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
 fetchmailconf - fetchmail configurator
Changes: 
 fetchmail (6.3.2-2ubuntu2.2) dapper-security; urgency=low
 .
   * SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
     send certain warning messages
   * added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
   * SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
     attackers may be able to acquire a portion of a user's authentication
     credentials using man-in-the-middle techniques.
   * added 06_CVE-2007-1558.dpatch.  This patch adds notes about APOP's
     limitations as well as updating pop3.c to more strictly validate the
     presented challenge for RFC-822 conformity. This change to pop3.c does
     not fix the APOP design flaw, but does make attacks against APOP somewhat
     more difficult.
   * References
     CVE-2007-4565
     CVE-2007-1558
Files: 
 b0ee07dc6149dff8fcabf8e3806fb14c 766 mail optional fetchmail_6.3.2-2ubuntu2.2.dsc
 b6f34c90edfb5be3fa625572e440d46f 190508 mail optional fetchmail_6.3.2-2ubuntu2.2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG+aLqH/9LqRcGPm0RApcgAJ0U0VG+OnYlMDoUuzD/RF+Cw5UqigCgpY3O
6ZZVlW2lAeXI10hmyvNmQQM=
=dX7j
-----END PGP SIGNATURE-----