rpms/fetchmail/F-7 fetchmail-6.3.7-CVE-2007-4565.patch, NONE, 1.1 fetchmail.spec, 1.51, 1.52
Vitezslav Crhonek (vcrhonek)
fedora-extras-commits at redhat.com
Mon Sep 3 12:46:40 UTC 2007
Author: vcrhonek
Update of /cvs/extras/rpms/fetchmail/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29182
Modified Files:
fetchmail.spec
Added Files:
fetchmail-6.3.7-CVE-2007-4565.patch
Log Message:
Fix license, Fix fetchmail NULL pointer dereference (CVE-2007-4565)
fetchmail-6.3.7-CVE-2007-4565.patch:
--- NEW FILE fetchmail-6.3.7-CVE-2007-4565.patch ---
--- fetchmail-6.3.7/sink.c_old 2007-08-31 12:17:54.000000000 +0200
+++ fetchmail-6.3.7/sink.c 2007-08-31 12:16:08.000000000 +0200
@@ -262,7 +262,7 @@
const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
/* don't bounce in reply to undeliverable bounces */
- if (!msg->return_path[0] ||
+ if (!msg || !msg->return_path[0] ||
strcmp(msg->return_path, "<>") == 0 ||
strcasecmp(msg->return_path, md1) == 0 ||
strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
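Review bot: In the bounce-suppression condition, the new `!msg ||` test sends a NULL msg down the same branch as a bounce addressed to MAILER-DAEMON, but the comment above it still reads only "don't bounce in reply to undeliverable bounces". Extend that comment to say when msg can be NULL at this point and that skipping the bounce is the intended result. Also confirm that nothing later in the same function dereferences msg, because this hunk guards only the four uses of msg->return_path visible here.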
Index: fetchmail.spec
===================================================================
RCS file: /cvs/extras/rpms/fetchmail/F-7/fetchmail.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- fetchmail.spec 19 Feb 2007 00:47:48 -0000 1.51
+++ fetchmail.spec 3 Sep 2007 12:46:08 -0000 1.52
@@ -4,13 +4,15 @@
Summary: A remote mail retrieval and forwarding utility
Name: fetchmail
Version: 6.3.7
-Release: 1%{?dist}
+Release: 2%{?dist}
Requires: smtpdaemon
Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
Patch0: fetchmail-6.2.5-addrconf.patch
+Patch1: fetchmail-6.3.7-CVE-2007-4565.patch
URL: http://fetchmail.berlios.de/
-License: GPL
+# For a breakdown of the licensing, see COPYING
+License: GPL+ and GPLv2 and Public Domain
Group: Applications/Internet
Buildroot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: gettext-devel hesiod-devel krb5-devel openssl-devel
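Review bot: The new `Patch1:` line carries no comment on where the patch came from, unlike the `License:` line, which now has one. Add a comment above it giving the origin of the fix (upstream change or the bug referenced in the changelog, #260861) so a later rebase to a newer fetchmail can tell whether the patch is still needed.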
@@ -46,6 +48,7 @@
%prep
%setup -q
%patch0 -p1 -b .addrconf
+%patch1 -p1 -b .cve_2007_4565
%build
%configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
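Review bot: `%patch1 -p1` applies a patch whose old-file header is `fetchmail-6.3.7/sink.c_old`, a name that presumably does not exist in the unpacked source, so the target is resolved only through the `+++ fetchmail-6.3.7/sink.c` line. Consider regenerating the patch with matching old and new names (for example a `.orig` directory or suffix style consistent with Patch0) so application does not depend on how patch picks between the two header names.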
@@ -83,6 +86,11 @@
%endif
%changelog
+* Mon Sep 3 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.7-2
+- Fix license
+- Fix fetchmail NULL pointer dereference (CVE-2007-4565)
+ Resolves: #260861
+
* Mon Feb 19 2007 Miloslav Trmac <mitr at redhat.com> - 6.3.7-1
- Update to fetchmail-6.3.7
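Review bot: The "Fix license" changelog item does not say what the tag changed to, and it is listed ahead of the CVE fix. State the change explicitly (GPL to "GPL+ and GPLv2 and Public Domain") and consider putting the CVE-2007-4565 item first, so the security fix is the thing a reader scanning the changelog sees for 6.3.7-2.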