Yes, but fetchmail appears more exploitable: (from the NetBSD Package Collection; ftp.netbsd.org/pub/NetBSD/packages/ )
The following security vulnerabilities are known for mail/fetchmail at Jul 20 01:30 : * fetchmail<5.8.8 has a remote-user-access exploit (see http://www.securityfocus.com/vdb/?id=2877 for more details) * fetchmail<5.8.17 has a remote-user-shell exploit (see http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1 %26mid%3D203165 for more details) * fetchmail<5.9.10 has a remote-user-access exploit (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146 for more details) * fetchmail<=6.0.0 has a remote-code-execution exploit (see http://security.e-matters.de/advisories/032002.html for more details) * fetchmail<6.1.0 has a remote-user-shell exploit (see http://online.securityfocus.com/bid/5825 for more details) * fetchmail<6.1.0 has a denial-of-service exploit (see http://online.securityfocus.com/bid/5826 for more details) * fetchmail<6.1.0 has a remote-user-shell exploit (see http://online.securityfocus.com/bid/5827 for more details) * fetchmail<6.2.0 has a remote-code-execution exploit (see http://security.e-matters.de/advisories/052002.html for more details) * fetchmail<6.2.4nb2 has a denial-of-service exploit (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0790 for more details) The following security vulnerabilities are known for mail/getmail at Jul 20 01:30 : (no vulnerabilities known) Of course fetchmail is more widely used so there's that many more eyes looking at it. Ralph Zeller <[EMAIL PROTECTED]> wrote: > On 07/23/04 02pm, Jason Van Cleve wrote: > > If anyone prefers fetchmail to getmail, please say why. > > Fetchmail is more time tested and proven? > > <quoting from getmail-4/CHANGELOG> > > Version 4.0.0a1 > 14 June 2004 > > -first alpha release of getmail version 4 > > Changes since getmail version 3 > ------------------------------- > -complete rewrite > > </quote> -- new smaller signature here _______________________________________________ EUGLUG mailing list [EMAIL PROTECTED] http://www.euglug.org/mailman/listinfo/euglug