Date: Mon, 16 Jun 2008 09:42:00 +0200 From: Matthias Andree <matthias.andree@....de> To: oss-security@...ts.openwall.com Subject: Re: CVE Id Request: fetchmail <= 6.3.8 DoS when logging long headers in -v -v mode On Sun, 15 Jun 2008, Robert Buchholz wrote: > Hi Matthias, > > On Friday 13 June 2008, Matthias Andree wrote: > > Affects: fetchmail release < 6.3.9 exclusively > > > > Not affected: fetchmail release 6.3.9 and newer > > systems without varargs (stdargs.h) support. > > > > Corrected: 2008-06-13 fetchmail SVN (rev XXX) > > Is there an ETA for the 6.3.9 release? The last advisory in 2007-09 also > recommended to upgrade to this still unreleased version. You're right, but I'm sorry to say there is no estimated release date - it's "as soon as it's ready", and the official patches are part of the advisories, taken from the SVN repository - and beyond that are what distributors usually ask for. fetchmail is, in spite of its widespread use, effectively a one-man spare-time show. Impeding the 6.3.9 release, there are some nasty bugs that aren't security relevant which are pending the fix, but are hard to debug. -- Matthias Andree
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.