Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 16 Jun 2008 11:07:01 -0800
From: Jonathan Smith <smithj@...ethemallocs.com>
To: matthias.andree@....de
CC: oss-security@...ts.openwall.com
Subject: Re: CVE Id Request: fetchmail <= 6.3.8 DoS when	logging
 long headers in -v -v mode

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Matthias Andree wrote:
> Impeding the 6.3.9 release, there are some nasty bugs that aren't
> security relevant which are pending the fix, but are hard to debug.

Are these bugs regressions against 6.3.8? If so, it might make sense to
cherry-pick the security fixes from svn and cut a 6.3.8.1 release with
6.3.8+patches. If not, why let non-regressions hold up 6.3.9?

	smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREIAAYFAkhWudUACgkQCG91qXPaRelIxwCgljo90dSgky/T/FTXCLM4sfRp
/9cAn2hrrcwsuH8a9lIS45z5MiW3IK0c
=D/74
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux