Re: am I a sitting duck for fetchmail hole because can't upgrade?
You could do as I did (I'm running sarge) and create a .deb from
source (I used 'apt-get build-deps fetchmail ; apt-get -b source
fetchmail', but you can just download fetchmail_6.2.0-2.diff.gz,
fetchmail_6.2.0-2.dsc, fetchmail_6.2.0.orig.tar.gz and
fetchmail_6.2.0-2_i386.changes and use dpkg-source). Version 6.2.0-2
does not depend on fetchmail-common.
Bob
On Thu, Dec 26, 2002 at 03:18:51AM +0800, Dan Jacobson wrote:
> Just curious, we see a security bulletin that fetchmail should be
> upgraded to avoid a malformed hostname threat.
>
> I could wget the new fetchmail .deb with my flimsy modem but I see it
> depends on libc6 that is newer than the one on the sid cd set of
> 2002.10.10 that I have installed.
>
> If I also get the new libc6 that probably means I got to make a lot of
> other changes too which means I really should have a new CD set? Which
> means I have to go to town and ask my friend to burn a new set which
> is something I didn't want to have to do more than once a year.
>
> So I am a sitting duck for a malformed mail message? Perhaps as at
> least my other pal runs an spamassassin and exim filter on my mail
> before I download it with fetchmail, perhaps I can change a rule in
> .exim/filter to protect myself? Or maybe something can be done in
> fetchmailrc?
>
> P.S. on http://packages.debian.org/unstable/mail/fetchmail-ssl.html
> it says it depends on "fetchmail-common (= 6.1.2-1) (NOT AVAILABLE)"
> Does that mean one is screwed either way?
> --
> http://jidanni.org/ Taiwan(04)25854780
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
Bob Nielsen, N7XY n7xy@n7xy.net
Bainbridge Island, WA
IOTA NA-065, USI WA-028S
Reply to: