openbsd-ports/mail/fetchmail
sthen 3927255cfd security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt

"This might be exploitable to inject code if
- - fetchmail is run in verbose mode
AND
- - the host running fetchmail considers char signed
AND
- - the server uses malicious certificates with non-printing characters
  that have the high bit set
AND
- - these certificates manage to inject shell-code that consists purely of
  printable characters.

It is believed to be difficult to achieve all this."
2010-03-22 01:28:40 +00:00
..
files o update to fetchmail 5.9.6 2001-12-17 21:45:49 +00:00
patches security update to 6.3.14, heap overflow in verbose mode SSL cert display 2010-03-22 01:28:40 +00:00
pkg SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls 2009-10-11 20:52:17 +00:00
distinfo security update to 6.3.14, heap overflow in verbose mode SSL cert display 2010-03-22 01:28:40 +00:00
Makefile security update to 6.3.14, heap overflow in verbose mode SSL cert display 2010-03-22 01:28:40 +00:00