[Technik] [SECURITY] [DSA 1259-1] New fetchmail packages fix
information disclosure
Noèl Köthe
noel at debian.org
Thu Feb 15 08:29:47 CET 2007
Am Mittwoch, den 14.02.2007, 21:46 +0100 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1259-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> February 14th, 2007 http://www.debian.org/security/faq
>
> Package : fetchmail
> Vulnerability : programming error
> Problem-Type : remote
> Debian-specific: no
> CVE ID : CVE-2006-5867
fetchmail auf h01, h02, h03, h04 und h90 aktualisiert.
> For the stable distribution (sarge) this problem has been fixed in
> version 6.2.5-12sarge5.
fetchmail (6.2.5-12sarge5) stable-security; urgency=high
* SECURITY UPDATE: password can leak in cleartext when SSL configured.
* Makefile.in, tls.c, pop2.c, pop3.c, imap.c, smtp.c, fetchmail.h: fixes
extracted from Ubuntu who got it backporting from upstream.
[CVE-2006-5867]
-- Hector Garcia <hector at debian.org> Thu, 1 Feb 2007 12:08:55 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070215/7d7d24e5/attachment-0001.pgp
More information about the Technik
mailing list