Credit:
The information has been provided by ma.
The original article can be found at: http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt
The bug report can be found at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747
Vulnerable Systems:
* fetchmail version 6.3.1 and prior
* fetchmail version 6.3.2-rc3 and prior
Immune Systems:
* fetchmail version 6.3.2-rc4
* fetchmail version 6.3.2
Fetchmail contains a bug that causes it to crash when bouncing a message to the originator or to the local postmaster. The crash happens after the bounce message has been sent, when fetchmail tries to free the dynamic array of failed addresses and calls the free() function with an invalid pointer.
Vendor Status:
The vendor has issued a fix in fetchmail version 6.3.2; that version or a newer stable release can be downloaded from fetchmail's project site at http://developer.berlios.de/project/showfiles.php?group_id=1824
The aged fetchmail 6.2.5.X branch is discontinued effective immediately.
No further releases from the 6.2.5.X branch will be made.
The new 6.3.X stable branch has been available since 2005-11-30 and will not change except for bugfixes, documentation and message translations.
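For triaging an inventory against the Vulnerable Systems and Immune Systems lists above, the following added example (not part of the original advisory or of fetchmail) classifies version strings, treating a release candidate as older than the final release of the same number. The host names and the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Boundary from the advisory's version lists: 6.3.2-rc3 and earlier are
# listed as vulnerable, 6.3.2-rc4 and 6.3.2 as immune.
FIRST_FIXED = "6.3.2-rc4"

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-rc(\d+))?$")


def version_key(text):
    """Turn '6.3.2-rc3' into a sortable key; raise ValueError if unparseable."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised fetchmail version: {text!r}")
    nums = [int(part) for part in match.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # pad so 6.3 compares equal to 6.3.0.0
    # A final release sorts after every release candidate of the same number.
    rc = int(match.group(2)) if match.group(2) else float("inf")
    return tuple(nums), rc


def classify(text):
    """Return 'vulnerable', 'immune' or 'unknown' for one version string."""
    try:
        key = version_key(text)
    except ValueError:
        return "unknown"  # e.g. distro-patched strings: check these by hand
    return "vulnerable" if key < version_key(FIRST_FIXED) else "immune"


def triage(inventory):
    """Map host -> version to the hosts needing an upgrade or a manual look."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {host: status for host, status in results.items()
            if status != "immune"}


# Constructed inventory (hypothetical host names) for illustration.
SAMPLE_INVENTORY = {
    "mail-a": "6.3.1",
    "mail-b": "6.3.2-rc3",
    "mail-c": "6.3.2-rc4",
    "mail-d": "6.3.2",
    "mail-e": "6.2.5",
    "mail-f": "6.3.1-2",  # distro revision suffix, not parseable here
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, status)
```

Strings the parser does not recognise are reported as "unknown" rather than assumed safe, so distribution packages with backported fixes get a manual check.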
CVE Information:
CVE-2006-0321
Disclosure Timeline:
2006-01-19 - Internal review draft
2006-01-20 - Add CVE ID
2006-01-22 - Release 1.0