Date: Fri, 17 Aug 2001 05:16:31 -0400 (EDT)
From: "Andrew R. Reiter"
To: freebsd-security@freebsd.org
Subject: fetchmail fix -- Deleted other thread :-(

To answer the question, kkenn updated the fetchmail package to get the
non-vulnerable version. If you check the cvs log:

revision 1.127
date: 2001/08/09 21:35:36; author: kris; state: Exp; lines: +2 -2
Upgrade to 5.8.17 ("Another victory for Open Source!"). This fixes a
remotely exploitable buffer overflow when connecting to a malicious
server.

So, update your ports.

Andrew

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead