Ubuntu
fetchmail package

  1. Bug #24758
  2. Comment #19

Comment 19 for bug 24758

Revision history for this message
In , Loïc Minier (lool) wrote : Re: Bug#323027: IMPORTANT: fetchmail regression in 6.2.5-12sarge1

On Mon, Nov 14, 2005, Nico Golde wrote:
> What do you think exactly? The changes from 6.2.5.2 fixed
> CVE-2005-2335, Steve Kemp prepared the fixed package.
> But you are right it seems that some things are broken, for
> example the apop support.

 I think the changes in 6.2.5.2 included a fix for CVE-2005-2335, and
 only this fix should have been uploaded.

 Now that sarge2 is already on the tracks, I propose to prepare a sarge3
 with everything from sarge1 reverted and fetchmail_CAN-2005-2335.diff
 applied instead (along with patch.CVE-2005-3088.fetchmail of course).

 Security team, please ack the proposed changes.

 Alternatively, we could live with the regression and I could prepare a
 stable upload with all fixes from 6.2.5.4.

   Bye,
--
Loïc Minier <email address hidden>