-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 31 Aug 2009 19:02:34 +0000 Source: fetchmail Binary: fetchmailconf fetchmail Architecture: source amd64 all Version: 6.3.6-1etch3 Distribution: oldstable Urgency: low Maintainer: Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org> Changed-By: Nico Golde <nion@debian.org> Description: fetchmail - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder fetchmailconf - fetchmail configurator Changes: fetchmail (6.3.6-1etch3) oldstable; urgency=low . * Fix CVE-2008-2711: possible denial of service vulnerability if used with -vv when parsing large data blobs because of an uninitialized argument pointer. * Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult (CVE-2007-1558). Files: 728a42e8fa405943caa2870b2200fd69 882 mail optional fetchmail_6.3.6-1etch3.dsc 53ca9788ea2cd689846d8fca3cf7ca84 47925 mail optional fetchmail_6.3.6-1etch3.diff.gz 41307ba6df4162f45dd97b7756f11542 61768 mail optional fetchmailconf_6.3.6-1etch3_all.deb 0067ef9808e6c559b424cc565ca562f3 650416 mail optional fetchmail_6.3.6-1etch3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkqkJPkACgkQHYflSXNkfP/r/wCfXTYnPX5k/gCnVUSWJHLgPPye MNkAoJG6002/DmmdhNwFGV4XexU0EO2h =3DAW -----END PGP SIGNATURE----- Accepted: fetchmail_6.3.6-1etch3.diff.gz to pool/main/f/fetchmail/fetchmail_6.3.6-1etch3.diff.gz fetchmail_6.3.6-1etch3.dsc to pool/main/f/fetchmail/fetchmail_6.3.6-1etch3.dsc fetchmail_6.3.6-1etch3_amd64.deb to pool/main/f/fetchmail/fetchmail_6.3.6-1etch3_amd64.deb fetchmailconf_6.3.6-1etch3_all.deb to pool/main/f/fetchmail/fetchmailconf_6.3.6-1etch3_all.deb