oss-sec mailing list archives
fetchmail 6.3.20 release to fix CVE-2011-1947 (was: CVE request for fetchmail STARTTLS hang (Denial of Service))
From: Matthias Andree <matthias.andree () gmx de>
Date: Mon, 06 Jun 2011 17:02:27 +0200
Greetings, I've just released fetchmail 6.3.20 to fix the STARTTLS denial-of-service problem present in all earlier fetchmail releases, CVE-2011-1947. Note that distributors are advised to thoroughly check the NEWS file and consider doing a stable release update rather than just backporting the security fixes, there were several notable bug fixes. At least do note <http://www.fetchmail.info/fetchmail-EN-2010-03.txt> - it's a good opportunity to fix this, too... Changelog: https://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/NEWS Homepage: http://www.fetchmail.info/ Downloads: http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=18583 Best regards, Matthias Andree Hat: fetchmail maintainer
Current thread:
- CVE request for fetchmail STARTTLS hang (Denial of Service) Matthias Andree (May 30)
- Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Josh Bressers (May 31)
- Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Matthias Andree (May 31)
- Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Matthias Andree (Jun 01)
- fetchmail 6.3.20 release to fix CVE-2011-1947 (was: CVE request for fetchmail STARTTLS hang (Denial of Service)) Matthias Andree (Jun 06)
- Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Matthias Andree (May 31)
- Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Josh Bressers (May 31)