rpms/fetchmail/F-7 fetchmail-6.3.7-CVE-2007-4565.patch, NONE, 1.1 fetchmail.spec, 1.51, 1.52

Vitezslav Crhonek (vcrhonek) fedora-extras-commits at redhat.com
Mon Sep 3 12:46:40 UTC 2007


Author: vcrhonek

Update of /cvs/extras/rpms/fetchmail/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29182

Modified Files:
	fetchmail.spec 
Added Files:
	fetchmail-6.3.7-CVE-2007-4565.patch 
Log Message:
Fix license, Fix fetchmail NULL pointer dereference (CVE-2007-4565)

fetchmail-6.3.7-CVE-2007-4565.patch:

--- NEW FILE fetchmail-6.3.7-CVE-2007-4565.patch ---
--- fetchmail-6.3.7/sink.c_old	2007-08-31 12:17:54.000000000 +0200
+++ fetchmail-6.3.7/sink.c	2007-08-31 12:16:08.000000000 +0200
@@ -262,7 +262,7 @@
     const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
 
     /* don't bounce in reply to undeliverable bounces */
-    if (!msg->return_path[0] ||
+    if (!msg || !msg->return_path[0] ||
 	strcmp(msg->return_path, "<>") == 0 ||
 	strcasecmp(msg->return_path, md1) == 0 ||
 	strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
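
Review bot: in the condition `if (!msg || !msg->return_path[0] ||`, a NULL `msg` now takes the same branch as a bounce to a bounce, but the comment above it still reads only "don't bounce in reply to undeliverable bounces". Extend the comment to say that a missing message structure also suppresses the bounce, and note when a caller can pass NULL, so the guard is not later dropped as redundant. The visible lines do not show whether `msg` is used again further down in this function; any later dereference needs to sit behind this check as well.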


Index: fetchmail.spec
===================================================================
RCS file: /cvs/extras/rpms/fetchmail/F-7/fetchmail.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- fetchmail.spec	19 Feb 2007 00:47:48 -0000	1.51
+++ fetchmail.spec	3 Sep 2007 12:46:08 -0000	1.52
@@ -4,13 +4,15 @@
 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
 Version: 6.3.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Requires: smtpdaemon
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
 Patch0: fetchmail-6.2.5-addrconf.patch
+Patch1: fetchmail-6.3.7-CVE-2007-4565.patch
 URL: http://fetchmail.berlios.de/
-License: GPL
+# For a breakdown of the licensing, see COPYING
+License: GPL+ and GPLv2 and Public Domain
 Group: Applications/Internet
 Buildroot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: gettext-devel hesiod-devel krb5-devel openssl-devel
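
Review bot: the new `Patch1:` line has no comment saying what the patch fixes or where it is tracked, while the License change directly below it does get one. Add a one-line comment above `Patch1:` naming the NULL pointer dereference and the bug referenced in the changelog (#260861), so the reason for carrying the patch is visible without opening the patch file.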
@@ -46,6 +48,7 @@
 %prep
 %setup -q
 %patch0 -p1 -b .addrconf
+%patch1 -p1 -b .cve_2007_4565
 
 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@@ -83,6 +86,11 @@
 %endif
 
 %changelog
+* Mon Sep  3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.7-2
+- Fix license
+- Fix fetchmail NULL pointer dereference (CVE-2007-4565)
+  Resolves: #260861
+
 * Mon Feb 19 2007 Miloslav Trmac <mitr at redhat.com> - 6.3.7-1
 - Update to fetchmail-6.3.7
 



