Accepted fetchmail 6.3.6-1ubuntu2.1 (source)

Ubuntu Installer archive at ubuntu.com
Wed Sep 26 01:55:51 BST 2007


Accepted:
 OK: fetchmail_6.3.6.orig.tar.gz
 OK: fetchmail_6.3.6-1ubuntu2.1.diff.gz
 OK: fetchmail_6.3.6-1ubuntu2.1.dsc
     -> Component: main Section: mail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 25 Sep 2007 09:55:32 -0400
Source: fetchmail
Binary: fetchmailconf fetchmail
Architecture: source
Version: 6.3.6-1ubuntu2.1
Distribution: feisty-security
Urgency: low
Maintainer: Jamie Strandboge <jamie at ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 fetchmail  - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
 fetchmailconf - fetchmail configurator
Changes: 
 fetchmail (6.3.6-1ubuntu2.1) feisty-security; urgency=low
 .
   * SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
     send certain warning messages
   * added 02_CVE-2007-4565.patch to sink.c to verify msg is not NULL
   * SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
     attackers may be able to acquire a portion of a user's authentication
     credentials using man-in-the-middle techniques.
   * added 03_CVE-2007-1558.patch.  This patch adds notes about APOP's
     limitations as well as updating pop3.c to more strictly validate the
     presented challenge for RFC-822 conformity. This change to pop3.c does
     not fix the APOP design flaw, but does make attacks against APOP somewhat
     more difficult.
   * added 04_manpage.patch for improperly formatted manpage (upstream bug)
   * References
     CVE-2007-4565
     CVE-2007-1558
   * Modify Maintainer value to match the DebianMaintainerField
     specification.
Files: 
 8dee518a1b9c90ff5bd5f3eb6a007c1d 966 mail optional fetchmail_6.3.6-1ubuntu2.1.dsc
 05af2c1bb84df24da58935e51d7b6002 56402 mail optional fetchmail_6.3.6-1ubuntu2.1.diff.gz
Original-Maintainer: Fetchmail Maintainers <pkg-fetchmail-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG+aMCH/9LqRcGPm0RAjuuAKCInJ9BJNuTmNg4agGWnvsLDehfkQCgiJhP
8CZjbbZS0idDipgqHZv9XI0=
=au+a
-----END PGP SIGNATURE-----




