Accepted fetchmail 6.3.4-1ubuntu4.2 (source)
Ubuntu Installer
archive at ubuntu.com
Wed Sep 26 01:55:42 BST 2007
Accepted:
OK: fetchmail_6.3.4.orig.tar.gz
OK: fetchmail_6.3.4-1ubuntu4.2.diff.gz
OK: fetchmail_6.3.4-1ubuntu4.2.dsc
-> Component: main Section: mail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Sep 2007 10:29:49 -0400
Source: fetchmail
Binary: fetchmailconf fetchmail
Architecture: source
Version: 6.3.4-1ubuntu4.2
Distribution: edgy-security
Urgency: low
Maintainer: Jamie Strandboge <jamie at ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
fetchmail - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
fetchmailconf - fetchmail configurator
Changes:
fetchmail (6.3.4-1ubuntu4.2) edgy-security; urgency=low
.
* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
  send certain warning messages
* added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
  attackers may be able to acquire a portion of a user's authentication
  credentials using man-in-the-middle techniques.
* added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's
  limitations as well as updating pop3.c to more strictly validate the
  presented challenge for RFC-822 conformity. This change to pop3.c does
  not fix the APOP design flaw, but does make attacks against APOP somewhat
  more difficult.
* References
  CVE-2007-4565
  CVE-2007-1558
Files:
5896f0d44a778f5aa234e5645fde1d1c 765 mail optional fetchmail_6.3.4-1ubuntu4.2.dsc
9f96afa7114c4ff7d83d52ddff3a7734 54883 mail optional fetchmail_6.3.4-1ubuntu4.2.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG+aL0H/9LqRcGPm0RAhj7AJ47IETWp8o+uJFzISdEX5cmmWX3bwCfbO+8
Gobq8ULQsGOO7iyuAyO4uOE=
=X8dm
-----END PGP SIGNATURE-----