<table width="100%" cellpadding="0" summary="Canned page header">
<tr>
<td>Fetchmail</td>
-<td align="right"><!-- update date -->2010-10-09</td>
+<td align="right"><!-- update date -->2010-10-16</td>
</tr>
</table>
</div>
<a href="fetchmail-FAQ.pdf" title="Fetchmail FAQ as PDF">FAQ (PDF)</a><br>
<a href="design-notes.html">Design Notes</a><br>
<a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">Download</a><br>
- <a href="security.html">Security</a><br>
+ <a href="security.html">Security/Errata</a><br>
<a href="http://gitorious.org/fetchmail/fetchmail/">Development</a><br>
<a href="http://developer.berlios.de/projects/fetchmail/">Project Page</a><br>
<hr>
<div style="background-color:#c0ffc0;color:#000000;">
<h1>NEWS: FETCHMAIL 6.3.18 RELEASE</h1>
+ <p style="background-color:#ffc0c0;color:#000000;">On 2010-10-16, <a
+ href="fetchmail-EN-2010-03.txt">an erratum notice was issued</a>
+ to document important fixes made in the 6.3.18 release listed
+ below. Distributors are advised to upgrade their packages to
+ 6.3.18.</p>
<p>On 2010-10-09, <a
href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.18
has been released (this is the download link),</a> fixing a
regression of the rcfile parser from 6.3.0, a security bug in debug
output that can cause memory exhaustion and abort, and improves SSL
- usability. It is a recommended update for all users. <a
+ usability. It is a recommended update for all users and
+ distributors. <a
href="http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=17957">Click
here to see the change details.</a>
</p>
<a href="fetchmail-FAQ.pdf" title="Fetchmail FAQ as PDF">FAQ (PDF)</a><br>
<a href="design-notes.html">Design Notes</a><br>
<a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">Download</a><br>
+ Security/Errata<br>
<a href="http://gitorious.org/fetchmail/fetchmail/">Development</a><br>
<a href="http://developer.berlios.de/projects/fetchmail/">Project Page</a><br>
<hr>
<div id="Content">
- <h1>Fetchmail Security Information</h1>
- <p>These security issues (listed immediately below) have become
- known to the fetchmail maintainer to the date mentioned above. Note
- that fetchmail 6.2.X and older are no longer supported and contain
+ <h1>Fetchmail Security and Errata Information</h1>
+ <p>These security issues (listed immediately below) and critical
+ issues have become
+ known to the fetchmail maintainer to the date mentioned above.</p>
+
+ <p>Note that fetchmail 6.2.X and older are no longer supported and contain
some of the problems mentioned below, even if they aren't mentioned
in the security announcements:</p>
<ul>
+ <li><a name="fetchmail-EN-2010-03">EN-2010-03</a>: Fetchmail <a href="fetchmail-EN-2010-03.txt">fails
+ POP3/IMAP authentication by not performing SASL AUTH
+ properly.</a> This was a long-standing bug fixed in release
+ 6.3.18.</li>
<li><a name="cve-2010-1167"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1167">CVE-2010-1167:</a>
Fetchmail <a href="fetchmail-SA-2010-02.txt">could exhaust all
projects / ~andy / fetchmail / commitdiff