2011年6月 7日

[installer 2824] fetchmail-6.3.20

fetchmail-6.3.20 出ています。

STARTTLS における DoS ぜい弱性の修正が含まれています。
http://www.fetchmail.info/fetchmail-SA-2011-01.txt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1947
参照のこと。

☆ fetchmail-6.3.20

http://www.fetchmail.info/
http://developer.berlios.de/project/showfiles.php?group_id=1824
http://download.berlios.de/fetchmail/fetchmail-6.3.20.tar.bz2

fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):

# SECURITY BUG FIXES
* CVE-2011-1947:
STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
set timeout (default five minutes) now. This was reported missing, with
observed fetchmail freezes beyond a week, by Thomas Jarosch.
SSL-wrapped connections were unaffected by this timeout, so users of older
versions can force ssl-wrapped connections -- if supported by the server --
with the --ssl command line or ssl rcfile option.
See fetchmail-SA-2011-01.txt for further details.

# BUG FIXES
* IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few
new messages and most of the range searches result in nothing. Instead, split
the long response to make the IMAP driver think that there are multiple lines
of response. (Sunil Shetye)
* Do not print "skipping message" for old messages even in verbose mode. If
there are too many old messages, the logs just get filled without any real
activity. (Sunil Shetye) (suggested by Yunfan Jiang)
* Build: fetchmail now always uses its own MD5 implementation rather than trying
to find a system library with matched header. The library and header variants
found on systems are too diverse, and the code size saving is not worth any
more wasted user or programmer time.

# CHANGES
* Call strlen() only once when removing CRLF from a line. (Sunil Shetye)
* fetchmail sets Internet domain sockets to "keepalive" mode now. Note that
there is no portable way to configure actual timeouts for this mode, and some
systems only support a system-wide timeout setting. fetchmail does not
attempt to tune the time spans of keepalive mode.

# TRANSLATION UPDATES
[cs] Chech (Petr Pisar)
[nl] Dutch (Erwin Poeze)

投稿者 xml-rpc : 2011年6月 7日 08:47
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/104480
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。