Accepting request 909104 from home:pmonrealgonzalez:branches:server:mail

- Update to 6.4.20: [bsc#1188875, CVE-2021-36386] * CVE-2021-36386: DoS or information disclosure in some configurations. When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation. fetchmail then reallocates memory and re-runs vsnprintf() without another call to va_start(), so it reads garbage. The exact impact depends on many factors around the compiler and operating system configurations used and the implementation details of the stdarg.h interfaces of the two functions mentioned before. OBS-URL: https://build.opensuse.org/request/show/909104 OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=117
2021-08-03 08:51:27 +00:00 · 2021-08-03 08:51:27 +00:00 · 79e260e2ae
commit 79e260e2ae
parent 0c36900e2a
6 changed files with 35 additions and 20 deletions
--- a/fetchmail-6.4.19.tar.xz
+++ b/fetchmail-6.4.19.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cd8d11a3d103e50caa2ec64bcda6307eb3d0783a4d4dfd88e668b81aaf9d6b5f
-size 1316672
--- a/fetchmail-6.4.19.tar.xz.asc
+++ b/fetchmail-6.4.19.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE3EplW9mTzUhx+oIQ5BKxVu/zhVoFAmCEEUkACgkQ5BKxVu/z
-hVruog/+JAMIKFcNMT3z70vFJaFynuDirNNVBYXhjd62LBwDB8hCmscOAQ10ItQC
-QZ4rWfn2DBDta+4KN9bW88VYP33iiPM/q8sx9pH4g0j0TpqD9QCiPUy8knJlSkGR
-21nRx7D/Zw/He8sPu9wG7tfXLRY58G7MmPbyQe/ofudHInV2btDJ6eFWXh8F8yWr
-VafGsW6uDcmJBjn/x6XrnFOfyGEcUvjgR0kMJqDoGeKiplDvBglU1IgFwU5Gjkqa
-WEg/BVuGhFQTUDyBnaiq5FA0LBg5VUonAC5u0dTS2ZjiGbkKy4HLbOA0NKaiJuO6
-AlGvvaPTH1Bb33ZPtEv927wTe2t7fVIFp76nuGNyrCeIBtzdZObuynidpdUOqIvj
-WfhP+1GSZOikQEYN4z2cFgaHLZnOC5vfFJLlFSmUVfYOXicHnK9a4oPPPTcqT1KJ
-3ErldZptqGV82B0cXT6hLCVma1DZolI1TVa8Kusqxy2IBw12j7RAdxyGAyKR34MI
-zucHBaEde8NtOAbf5MSVQ6WlsX/qa5MUT0VrmCAtarVFwFECiZJEw0LXHUSUbz9E
-84IrrOWmzBFTfICNkaT8ZOax+4u0Ja2PAE4mSnNBcf9hM9LbveABnEAVLBEwV75F
-nLLNYBI2WRjaChBJUsiGcrZn+vTzyy/bZqENRXvffYd4R/V3jSY=
-=wQTQ
-----END PGP SIGNATURE-----
--- a/fetchmail-6.4.20.tar.xz
+++ b/fetchmail-6.4.20.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c82141ae2e8f0039ceb0c5c2eda43c5e93ad0bf7f9c6bb628092b3be74386176
+size 1317204
--- a/fetchmail-6.4.20.tar.xz.asc
+++ b/fetchmail-6.4.20.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE3EplW9mTzUhx+oIQ5BKxVu/zhVoFAmEBhtMACgkQ5BKxVu/z
+hVoVQBAAlSjS4HaUnnHFiNNtCP0QITl/7+a1tCS3E8HdAOyn+kU2idHJnFmQ/2jL
+Z2qkpXaKa8kvJHr/I603xJFxf9IMpLu2qD0IjMFOgzTjGWc7b/Vk1n1n88Oeo34V
+sGfMqxnqzeqW8ejdptbHFq4oJcfV1rZhT6w2mXwNJiH0e8w6EX4xqR/xU1Jyqvxo
+dmJpKt1uPGvkenSZvetyO4flwQKCwFGS6mx6taPpbHC4LsfugE+AP1AKPnEFg+Ai
+p1+5ieSkuSxIJc09EYw5ahfch2txV6cxX1qKkaWrmYkjfzKl2XyUOoUT+KjZBihR
+CwA5W4ybNxbIOOo9r1+UB8kQslhjDbpJuCnNEt3HpOzcGCHtEHbYqJhyvUq/DO19
+fYKSmg2DcC709oM3drQOXBk2NV5YJ6QWoBvEp3f169ZvsO+clwkPumUXADUdM8EK
+vwzwdn+a0LyoET+xmB5CSfxHwr8sizO2sihm6nZBR+hGQgoTkyRg7OckxAQu9Q/9
+dZ2S1srB2cWurrl/BIJYFTIWXV8Y66HI5USv1y5fAUFR4uFJVh/oQuhp3Jnykf9m
+Fgsb37MHK2EycwmYmIXMRyGpJ7w2EjBdoePYwi/YFJzHVuSSzC3k3Iz738xDgxA6
+ikE11M+GN+qXzyCfMQfE4l6MMvBZoB41mPm01j28nWMSZ7a9Glg=
+=brTa
+-----END PGP SIGNATURE-----
--- a/fetchmail.changes
+++ b/fetchmail.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Jul 29 07:57:07 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 6.4.20: [bsc#1188875, CVE-2021-36386]
+  * CVE-2021-36386: DoS or information disclosure in some configurations.
+    When a log message exceeds c. 2 kByte in size, for instance,
+    with very long header contents, and depending on verbosity
+    option, fetchmail can crash or misreport each first log message
+    that requires a buffer reallocation. fetchmail then reallocates
+    memory and re-runs vsnprintf() without another call to va_start(),
+    so it reads garbage. The exact impact depends on many factors
+    around the compiler and operating system configurations used and
+    the implementation details of the stdarg.h interfaces of the two
+    functions mentioned before.
+
 -------------------------------------------------------------------
 Thu May 13 16:57:09 UTC 2021 - Jeff Mahoney <jeffm@suse.com>

--- a/fetchmail.spec
+++ b/fetchmail.spec
@ -21,7 +21,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           fetchmail
-Version:        6.4.19
+Version:        6.4.20
 Release:        0
 Summary:        Full-Featured POP and IMAP Mail Retrieval Daemon
 License:        GPL-2.0-or-later