On Tue, 24 Jan 2006, Marcus Meissner wrote:
On Wed, Jan 18, 2006 at 10:59:46AM +0100, Aschwin Marsman wrote:
On Thu, 29 Dec 2005, Marcus Meissner wrote:
On Thu, Dec 29, 2005 at 09:19:04PM +0100, Aschwin Marsman wrote:
Fetchmail 6.3.1 was released a couple of days ago. I haven't seen a security update for SUSE 10.0 yet and havent found a new src rpm on: http://ftp.opensuse.org/pub/opensuse/distribution/SL-OSS-factory/inst-source... so I can build it myself easily.
In the latest summary I saw no list of open security issues, is that intentional?
Thanks for your reply.
We are still considering this.
As far as I can see this is the one where you actually need to connect to a bad server in multidrop mode ... and it will only cause a crash.
Fetchmail was found to crash after bouncing a message with bad addresses. This bug was introduced with fetchmail 6.3.0 and fixed in fetchmail 6.3.2. I upgraded to 6.3.2 a couple of days ago. See http://fetchmail.berlios.de/ for those who are interested.
We will likely postpone this fix until a more serious issue is uncovered.
That's up to you.
Ciao, Marcus
Best regards, Aschwin Marsman -- aschwin@marsman.org http://www.marsman.org