Bug 14609 - fetchmail 6.3.8 vulnerable to CVE-2007-4565 and CVE-2008-2711
Status: CLOSED FIXED
Product: Codex
Classification: Unclassified
Component: mail
Version: stable grimoire
Hardware: All Linux
Importance: P4 major
Assigned To: Grimoire Bug List
http://fetchmail.berlios.de/
Reported: 2008-07-29 23:47 UTC by Elisamuel Resto
Modified: 2008-08-19 10:59 UTC

ryuji: fixed_in_lesser_branch+
svn: integrate_to_stable_grimoire+

Description Elisamuel Resto 2008-07-29 23:47:35 UTC
fetchmail-6.3.8 is vulnerable to multiple crashes described below. The recommended course of action was to either patch 6.3.8 with the included patches or update to the latest release candidate which was preferred. This was fixed in test with commit 502c4868f739c75af1a1748471373eb0a47ea66a.

Requesting integration to stable-0.23.

CVE-2007-4565:
 - http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt
 - http://secunia.com/cve_reference/CVE-2007-4565/

CVE-2008-2711:
 - http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt
 - http://secunia.com/cve_reference/CVE-2008-2711/
Comment 1 Elisamuel Resto 2008-07-29 23:51:06 UTC
Forgot the spell name, dangit, but I posted on sm-security:
 - http://article.gmane.org/gmane.linux.sourcemage.security/82
Comment 2 Jaka Kranjc 2008-07-30 07:48:52 UTC
Approved. Next time please don't include other changes.
Comment 3 Arwed v. Merkatz 2008-08-19 10:59:59 UTC
In stable 0.24-0.