Saturday, January 27, 2007

Patched Fetchmail Packages

Patrick Volkerding has released a patched fetchmail (it's an upgrade actually, but released under /patches directory) which fixed two security issues. Here's the latest -stable changelog:
Wed Jan 24 14:15:07 CST 2007
Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug introduced in fetchmail-6.3.5 could cause fetchmail to crash. However, no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long standing bug (reported by Isaac Wilcox) could cause fetchmail to send a password in clear text or omit using TLS even when configured otherwise.
All fetchmail users are encouraged to consider using getmail, or to upgrade to the new fetchmail packages.
For more information, see:
(* Security fix *)