Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 06 Jun 2011 17:02:27 +0200
From: Matthias Andree <matthias.andree@....de>
To: oss-security@...ts.openwall.com
Subject: fetchmail 6.3.20 release to fix CVE-2011-1947 (was: CVE request for
 fetchmail STARTTLS hang (Denial of Service))

Greetings,

I've just released fetchmail 6.3.20 to fix the STARTTLS
denial-of-service problem present in all earlier fetchmail releases,
CVE-2011-1947.

Note that distributors are advised to thoroughly check the NEWS file and
consider doing a stable release update rather than just backporting the
security fixes, there were several notable bug fixes.

At least do note <http://www.fetchmail.info/fetchmail-EN-2010-03.txt> -
it's a good opportunity to fix this, too...

Changelog:
https://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/NEWS

Homepage:
http://www.fetchmail.info/

Downloads:
http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=18583

Best regards,
Matthias Andree
Hat: fetchmail maintainer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.