https://www.openwall.com/lists/oss-security/2025/10/03/2 https://www.openwall.com/lists/oss-security/2025/10/04/3
CVE: (none) => CVE-2025-61962Status comment: (none) => Fixed upstream in 6.5.6Whiteboard: (none) => MGA9TOOSource RPM: (none) => fetchmail-6.5.4-1.mga10.src.rpm, fetchmail-6.4.34-1.mga9.src.rpm
The registered maintainer is still ooften on IRC, but I'm not sure he's still available for packaging. Assigning to him, but CC'ing all.
Assignee: bugsquad => alienCC: (none) => marja11, pkg-bugs
Fixed for Cauldron in fetchmail-6.5.6-1.mga10 Fetchmail package updated for Mageia 9 Advisory: ======================== Updated fetchmail package fixes security vulnerability: It was discovered that fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This event will usually cause a crash of fetchmail (CVE-2025-61962). References: https://www.openwall.com/lists/oss-security/2025/10/03/2 https://www.openwall.com/lists/oss-security/2025/10/04/3 https://https://www.cve.org/CVERecord?id=CVE-2025-61962 ======================== Updated packages in core/updates_testing: ======================== fetchmail-6.5.6-1.mga9 fetchmailconf-6.5.6-1.mga9 fetchmail-daemon-6.5.6-1.mga9 from fetchmail-6.5.6-1.mga9.src.rpm test procedure https://bugs.mageia.org/show_bug.cgi?id=29420#c6
Keywords: (none) => has_procedureAssignee: alien => qa-bugsWhiteboard: MGA9TOO => (none)CC: (none) => mhrambo3501Version: Cauldron => 9
CC: (none) => mageia
Installed and tested without issues. Tested fetchmailconf and fetchmail-daemon service and it works as expected but I'm not using them normally. Normally, I'm using fetchmail and a custom bash script to grab emails from several accounts, using POP, and consolidate all emails in to a single account in dovecot, which is then accessed through IMAP. After the update, all is working as usual. This gets an OK from me. System: Mageia 9, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver. $ systemctl status fetchmail.service ● fetchmail.service - A remote-mail retrieval utility Loaded: loaded (/usr/lib/systemd/system/fetchmail.service; disabled; preset: disabled) Active: active (running) since Thu 2025-10-09 09:28:05 WEST; 2s ago Main PID: 95401 (fetchmail) Tasks: 1 (limit: 37586) Memory: 2.0M CPU: 26ms CGroup: /system.slice/fetchmail.service └─95401 /usr/bin/fetchmail -d 300 --syslog -f /etc/fetchmailrc out 09 09:28:05 jupiter systemd[1]: Started fetchmail.service. out 09 09:28:05 jupiter fetchmail[95401]: starting fetchmail 6.5.6 daemon <SNIP> $ uname -a Linux jupiter 6.6.105-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Sep 10 13:53:34 UTC 2025 x86_64 GNU/Linux $ rpm -qa | grep fetchmail | sort fetchmail-6.5.6-1.mga9 fetchmailconf-6.5.6-1.mga9 fetchmail-daemon-6.5.6-1.mga9
Giving up on it. I cann't figure out the configuration, and always get authentication failure. Part of the problem might be that the window for user configuration exceeds the height of my display. And I can adjust the width of that window, but not its height.
CC: (none) => herman.viaene
Keywords: (none) => advisory
This update has been going strong for 4 days. Giving it an OK for x86_64.
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0238.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED