8 Aug
2001
8 Aug
'01
13:55
Be advised that Eric S. Raymond has just released fetchmail 5.8.17 which
contains a "SECURITY" bugfix:
http://www.tuxedo.org/~esr/fetchmail/NEWS
fetchmail-5.8.17 (Tue Aug 7 20:05:36 EDT 2001), 21056 lines:
* SECURITY FIX: Fixed a security hole that is exploitable if fetchmail
is running as root and the attacker can either subvert the mailserver
or redirect to a fake one using DNS spoofing. Bugtraq announcement to
follow soon. Thanks to Salvatore Sanfilippo