From owner-freebsd-security  Thu Aug 16 19: 0:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-193.dsl.lsan03.pacbell.net [63.207.60.193])
	by hub.freebsd.org (Postfix) with ESMTP id 9600337B401
	for <security@FreeBSD.ORG>; Thu, 16 Aug 2001 19:00:19 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 124A166F68; Thu, 16 Aug 2001 19:00:19 -0700 (PDT)
Date: Thu, 16 Aug 2001 19:00:18 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Dragos Ruiu <dr@kyx.net>
Cc: security@FreeBSD.ORG
Subject: Re: does the fetchmail ssl remote vuln apply to freebsd?
Message-ID: <20010816190018.A81586@xor.obsecurity.org>
References: <0108161841280S.33176@smp.kyx.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <0108161841280S.33176@smp.kyx.net>; from dr@kyx.net on Thu, Aug 16, 2001 at 06:40:47PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Aug 16, 2001 at 06:40:47PM -0700, Dragos Ruiu wrote:
> http://lwn.net/alerts/EnGarde/ESA-20010816-01.php3

I'm not certain; it's usually really hard to figure out details of
vulnerabilities from those Linnex advisories.  They usually don't
bother to mention what versions are affected: sometimes they don't
even mention what the problem is, although this one at least mentions
the nature of the bug, if not the effect.

There was something which sounds similar fixed in fetchmail 5.8.17,
for which we hope to have an advisory out before too long.  I'm a bit
snowed under at the moment.

Kris

--DocE+STaALJfprDB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7fHqyWry0BWjoQKURAk9nAKDlvkJysyFcTre46dZT/c6C3/IgAACfavEf
MKVx9OV0khRkenVkpU2oWIM=
=rniq
-----END PGP SIGNATURE-----

--DocE+STaALJfprDB--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message