This denial-of-service vulnerability has been known as
CVE-2011-1947
for a while, and got fixed in a later fetchmail release (see above - but
note that 6.3.22 fixes even more security bugs)
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1947
** Summary changed:
-
This is fixed in 6.3.18 (note that 6.3.19 is the current bug-fix release):
...
* Fetchmail will now apply timeouts to the authentication stage.
This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
Reported missing by Thomas Jarosch.
Please upgrade to 6.3.19. Note I will not provide
** Summary changed:
- fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshare on DSL connection
+ fetchmail-6.3.9-rc2-4ubuntu5 hangs in SSL handshake on DSL connection
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
