openbsd-ports/mail/fetchmail/distinfo
sthen 3927255cfd security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt

"This might be exploitable to inject code if
- fetchmail is run in verbose mode
AND
- the host running fetchmail considers char signed
AND
- the server uses malicious certificates with non-printing characters
  that have the high bit set
AND
- these certificates manage to inject shell-code that consists purely of
  printable characters.

It is believed to be difficult to achieve all this."
2010-03-22 01:28:40 +00:00
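
The commit message ties the overflow to hosts where char is signed and to certificate bytes with the high bit set. The following is an added illustration of that C pitfall, not fetchmail's code and not taken from the advisory: a high-bit byte held in a signed char is sign-extended when formatted as hex, so its escape is longer than a per-byte size estimate allows for. The function names, the sample bytes and the 4-bytes-per-input-byte budget are assumptions of this example, and it assumes a 32-bit int.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: 'A', a high-bit byte (0xE9) and a control byte. */
static const unsigned char SAMPLE[] = { 'A', 0xE9, 0x01 };
#define SAMPLE_LEN (sizeof SAMPLE)
/* Hypothetical size estimate: "\xNN" (4 chars) per input byte, plus NUL. */
#define BUDGET (4 * SAMPLE_LEN + 1)

/* Format one byte and append it at out+used without writing past cap.
 * as_signed=1 mimics a platform where plain char is signed.
 * Returns the number of characters the escape needs. */
static size_t put_byte(unsigned char b, int as_signed,
                       char *out, size_t cap, size_t used)
{
    char tmp[16];
    int len;
    if (b >= 0x20 && b <= 0x7e) {
        len = snprintf(tmp, sizeof tmp, "%c", b);
    } else if (as_signed) {
        int promoted = (signed char)b;      /* 0xE9 becomes -23 */
        /* Sign extension: prints ffffffe9, eight hex digits, not two. */
        len = snprintf(tmp, sizeof tmp, "\\x%02x", (unsigned int)promoted);
    } else {
        len = snprintf(tmp, sizeof tmp, "\\x%02x", (unsigned int)b);
    }
    if (used < cap)
        snprintf(out + used, cap - used, "%s", tmp);   /* truncates safely */
    return (size_t)len;
}

/* Escape n bytes into out; returns the length needed, excluding the NUL. */
size_t escape(const unsigned char *in, size_t n, int as_signed,
              char *out, size_t cap)
{
    size_t need = 0;
    if (cap)
        out[0] = '\0';
    for (size_t i = 0; i < n; i++)
        need += put_byte(in[i], as_signed, out, cap, need);
    return need;
}

int main(void)
{
    char buf[64];
    size_t u = escape(SAMPLE, SAMPLE_LEN, 0, buf, sizeof buf);
    printf("unsigned char: needs %zu  %s\n", u, buf);
    size_t s = escape(SAMPLE, SAMPLE_LEN, 1, buf, sizeof buf);
    printf("signed char:   needs %zu  %s  (budget %zu)\n", s, buf, (size_t)BUDGET);
    return 0;
}
```

Treating the bytes as unsigned char, or bounding every write with snprintf as done here, keeps the output inside the buffer regardless of the platform's char signedness.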

MD5 (fetchmail-6.3.14.tar.bz2) = htPPvOFRiB2L92oe/Vvaag==
RMD160 (fetchmail-6.3.14.tar.bz2) = YgAXZN6tUqZs3sI5IJST8VA/45c=
SHA1 (fetchmail-6.3.14.tar.bz2) = K8GPEh1bmeIlhJcMb4tiu2VDDEw=
SHA256 (fetchmail-6.3.14.tar.bz2) = hlf3hvWvGFfds7UCA+bN4u+tQ/SYKJc8uyL21DEghgc=
SIZE (fetchmail-6.3.14.tar.bz2) = 1621188