am I a sitting duck for fetchmail hole because can't upgrade?

To: debian-user@lists.debian.org
Subject: am I a sitting duck for fetchmail hole because can't upgrade?
From: Dan Jacobson <jidanni@dman.ddts.net>
Date: 26 Dec 2002 03:18:51 +0800
Message-id: <[🔎] 87y96drjok.fsf@jidanni.org>

Just curious, we see a security bulletin that fetchmail should be
upgraded to avoid a malformed hostname threat.

I could wget the new fetchmail .deb with my flimsy modem but I see it
depends on libc6 that is newer than the one on the sid cd set of
2002.10.10 that I have installed.

If I also get the new libc6 that probably means I got to make a lot of
other changes too which means I really should have a new CD set? Which
means I have to go to town and ask my friend to burn a new set which
is something I didn't want to have to do more than once a year.

So I am a sitting duck for a malformed mail message?  Perhaps as at
least my other pal runs an spamassassin and exim filter on my mail
before I download it with fetchmail, perhaps I can change a rule in
.exim/filter to protect myself?  Or maybe something can be done in
fetchmailrc?

P.S. on http://packages.debian.org/unstable/mail/fetchmail-ssl.html
it says it depends on "fetchmail-common (= 6.1.2-1) (NOT AVAILABLE)"
Does that mean one is screwed either way?
-- 
http://jidanni.org/ Taiwan(04)25854780

Reply to:

Follow-Ups:
- Re: am I a sitting duck for fetchmail hole because can't upgrade?
  - From: Bob Nielsen <nielsen@oz.net>
- Re: am I a sitting duck for fetchmail hole because can't upgrade?
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: ^G beeps also come out my fancy speakers
Next by Date: Re: pon poff authority
Previous by thread: ^G beeps also come out my fancy speakers
Next by thread: Re: am I a sitting duck for fetchmail hole because can't upgrade?
Index(es):
- Date
- Thread