rpms/fetchmail/FC-6 fetchmail-6.3.6-CVE-2007-4565.patch, NONE, 1.1 fetchmail.spec, 1.49, 1.50
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Sep 3 12:57:38 UTC 2007
Author: vcrhonek
Update of /cvs/dist/rpms/fetchmail/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv806
Modified Files:
fetchmail.spec
Added Files:
fetchmail-6.3.6-CVE-2007-4565.patch
Log Message:
Fix license, Fix fetchmail NULL pointer dereference (CVE-2007-4565)
fetchmail-6.3.6-CVE-2007-4565.patch:
sink.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE fetchmail-6.3.6-CVE-2007-4565.patch ---
--- fetchmail-6.3.6/sink.c_old 2007-09-03 12:41:36.000000000 +0200
+++ fetchmail-6.3.6/sink.c 2007-09-03 12:42:53.000000000 +0200
@@ -262,7 +262,7 @@
const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
/* don't bounce in reply to undeliverable bounces */
- if (!msg->return_path[0] ||
+ if (!msg || !msg->return_path[0] ||
strcmp(msg->return_path, "<>") == 0 ||
strcasecmp(msg->return_path, md1) == 0 ||
strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
Index: fetchmail.spec
===================================================================
RCS file: /cvs/dist/rpms/fetchmail/FC-6/fetchmail.spec,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- fetchmail.spec 22 Jan 2007 23:07:47 -0000 1.49
+++ fetchmail.spec 3 Sep 2007 12:57:35 -0000 1.50
@@ -4,14 +4,16 @@
Summary: A remote mail retrieval and forwarding utility
Name: fetchmail
Version: 6.3.6
-Release: 2%{?dist}
+Release: 3%{?dist}
Requires: smtpdaemon
Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
Patch0: fetchmail-6.2.5-addrconf.patch
Patch1: fetchmail-6.3.6-kpop.patch
+Patch2: fetchmail-6.3.6-CVE-2007-4565.patch
URL: http://fetchmail.berlios.de/
-License: GPL
+# For a breakdown of the licensing, see COPYING
+License: GPL+ and GPLv2 and Public Domain
Group: Applications/Internet
Buildroot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: gettext-devel hesiod-devel krb5-devel openssl-devel
@@ -48,6 +50,7 @@
%setup -q
%patch0 -p1 -b .addrconf
%patch1 -p1 -b .kpop
+%patch2 -p1 -b .cve_2007_4565
%build
%configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@@ -85,6 +88,11 @@
%endif
%changelog
+* Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.6-3
+- Fix license
+- Fix fetchmail NULL pointer dereference (CVE-2007-4565)
+ Resolves: #260881
+
* Mon Jan 22 2007 Miloslav Trmac <mitr at redhat.com> - 6.3.6-2
- Let KPOP use PASS again
Resolves: #223661
More information about the fedora-cvs-commits
mailing list