| Summary: | fetchmail regression caused by CVE-2021-36386 fix | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | RPM Packages | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | fetchmail-6.4.8-4.1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-08-10 15:49:17 CEST
David Walser
2021-08-10 15:49:27 CEST
Whiteboard:
(none) =>
MGA8TOO Cauldron fixed... mga8 packages: SRPM: fetchmail-6.4.8-4.2.mga8.src.rpm i586: fetchmail-6.4.8-4.2.mga8.i586.rpm fetchmailconf-6.4.8-4.2.mga8.i586.rpm fetchmail-daemon-6.4.8-4.2.mga8.i586.rpm x86_64: fetchmail-6.4.8-4.2.mga8.x86_64.rpm fetchmailconf-6.4.8-4.2.mga8.x86_64.rpm fetchmail-daemon-6.4.8-4.2.mga8.x86_64.rpm Whiteboard:
MGA8TOO =>
(none)
advisory, added to svn:
type: bugfix
subject: Updated fetchmail packages fix logging regression
src:
8:
core:
- fetchmail-6.4.8-4.2.mga8
description: |
The recent fix for CVE-2021-36386 released in MGASA-2021-0391 introduced
a regression causing truncation of messages logged to buffered outputs,
predominantly --logfile. This also caused lines in the logfile to run
into one another because the fragment containing the "\n" line-end
character was usually lost.
references:
- https://bugs.mageia.org/show_bug.cgi?id=29349
- https://www.openwall.com/lists/oss-security/2021/08/09/1
- https://www.fetchmail.info/fetchmail-SA-2021-01.txtKeywords:
(none) =>
advisory Confirmation om discuss@ ml by Trish Fraser that the fix works. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2021-0175.html Status:
NEW =>
RESOLVED |