rpms/fetchmail/FC-6 fetchmail-6.3.6-CVE-2007-4565.patch, NONE, 1.1 fetchmail.spec, 1.49, 1.50

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Sep 3 12:57:38 UTC 2007


Author: vcrhonek

Update of /cvs/dist/rpms/fetchmail/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv806

Modified Files:
	fetchmail.spec 
Added Files:
	fetchmail-6.3.6-CVE-2007-4565.patch 
Log Message:
Fix license, Fix fetchmail NULL pointer dereference (CVE-2007-4565)

fetchmail-6.3.6-CVE-2007-4565.patch:
 sink.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE fetchmail-6.3.6-CVE-2007-4565.patch ---
--- fetchmail-6.3.6/sink.c_old	2007-09-03 12:41:36.000000000 +0200
+++ fetchmail-6.3.6/sink.c	2007-09-03 12:42:53.000000000 +0200
@@ -262,7 +262,7 @@
     const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
 
     /* don't bounce in reply to undeliverable bounces */
-    if (!msg->return_path[0] ||
+    if (!msg || !msg->return_path[0] ||
 	strcmp(msg->return_path, "<>") == 0 ||
 	strcasecmp(msg->return_path, md1) == 0 ||
 	strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
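
Review bot: The comment above the changed condition ("don't bounce in reply to undeliverable bounces") no longer covers everything the branch does, because a NULL msg now takes the same path as an empty, "<>" or MAILER-DAEMON return path. Either extend the comment to say that a missing message structure also suppresses the bounce, or test msg in its own early check with its own comment. The ordering itself is right: "!msg" is evaluated first, so the msg->return_path accesses on the following lines are short-circuited. The patch file also has no header saying where the fix comes from, and a line naming the CVE and the bug would help whoever rebases it.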


Index: fetchmail.spec
===================================================================
RCS file: /cvs/dist/rpms/fetchmail/FC-6/fetchmail.spec,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- fetchmail.spec	22 Jan 2007 23:07:47 -0000	1.49
+++ fetchmail.spec	3 Sep 2007 12:57:35 -0000	1.50
@@ -4,14 +4,16 @@
 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
 Version: 6.3.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 Requires: smtpdaemon
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
 Patch0: fetchmail-6.2.5-addrconf.patch
 Patch1: fetchmail-6.3.6-kpop.patch
+Patch2: fetchmail-6.3.6-CVE-2007-4565.patch
 URL: http://fetchmail.berlios.de/
-License: GPL
+# For a breakdown of the licensing, see COPYING
+License: GPL+ and GPLv2 and Public Domain
 Group: Applications/Internet
 Buildroot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: gettext-devel hesiod-devel krb5-devel openssl-devel
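
Review bot: The License change from "GPL" to "GPL+ and GPLv2 and Public Domain" is unrelated to the Patch2 security fix, yet both land in this hunk under a single Release bump from 2 to 3. Committing the licence correction separately would keep the CVE-2007-4565 fix easy to cherry-pick to other branches and easy to audit on its own. A one-line comment above the "Patch2:" line giving the bug number would also make the patch's purpose visible without opening the changelog.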
@@ -48,6 +50,7 @@
 %setup -q
 %patch0 -p1 -b .addrconf
 %patch1 -p1 -b .kpop
+%patch2 -p1 -b .cve_2007_4565
 
 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@@ -85,6 +88,11 @@
 %endif
 
 %changelog
+* Mon Sep  3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.6-3
+- Fix license
+- Fix fetchmail NULL pointer dereference (CVE-2007-4565)
+  Resolves: #260881
+
 * Mon Jan 22 2007 Miloslav Trmac <mitr at redhat.com> - 6.3.6-2
 - Let KPOP use PASS again
   Resolves: #223661



