Package: fetchmail
Version: 6.2.5-18
Severity: important

I have done some debugging, and determined that with my setup, fetchmail always fails if two conditions are met.

My setup:
- messages arrive on box-A via qmail
- fetchmail on box-B fetches messages via courier-imap on box-A

Conditions required for failure (both must be met):
1. the message being fetched must have DOS-style line endings (at least for the blank line between the headers and the message body).
2. the message body must contain (anywhere in it) the two character string "OK".

If these conditions are met, fetchmail will choke while fetching this message, and quit, leaving it and any other message on the server.

I have minimal test messages and the output of running fetchmail -vv for each of them, which I will attach to this report.

(I don't think this bug has security implications other than a basic DoS, but that might be worth investigating, as it seems fetchmail is interpreting data from an untrusted user as though it were data from a (potentially trusted) mail server.)

I don't think my particular /etc/fetchmailrc is relevant here, but I can provide a sanitized copy if needed.

Cheers,
nate

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages fetchmail depends on:
ii adduser 3.77 Add and remove users and groups
ii base-files 3.1.9 Debian base system miscellaneous f
ii debianutils 2.15.1 Miscellaneous utilities specific t
ii libc6 2.3.5-7 GNU C Library: Shared libraries an
ii libssl0.9.7 0.9.7g-5 SSL shared libraries

Versions of packages fetchmail recommends:
ii ca-certificates 20050804 Common CA Certificates PEM files

-- no debconf information
tests.tar.gz
Description: Binary data
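
Added example (not part of the original report, and not fetchmail's code): a sketch of the general confusion the report suspects, where an IMAP client mistakes message content for a server status line, next to a reader that treats the FETCH literal as opaque bytes of the declared length. The server reply, the tag `A1` and both function names are constructed for illustration, and the naive reader is an assumption about how such a bug can arise, not a diagnosis of fetchmail.

```python
import io
import re

# Constructed sample: reply to "A1 FETCH 1 BODY[]". The message uses CRLF
# line endings and its body contains "OK", as in the report's two conditions.
MESSAGE = b"Subject: test\r\n\r\nIs that OK with you?\r\n"
REPLY = (b"* 1 FETCH (BODY[] {%d}\r\n" % len(MESSAGE)
         + MESSAGE
         + b")\r\nA1 OK FETCH completed\r\n")

# An IMAP literal is announced as {N} at the end of a line; the next N bytes
# are raw data and must never be parsed as protocol lines.
LITERAL = re.compile(rb"\{(\d+)\}\r\n$")


def naive_fetch(stream):
    """Fragile reader: any line containing 'OK' is taken as the status."""
    data = b""
    for line in stream:
        if b"OK" in line:          # also matches text inside the message
            return data, line
        data += line
    raise ValueError("no status line seen")


def literal_aware_fetch(stream, tag):
    """Read the literal by its declared size, then wait for the tagged line."""
    body = None
    while True:
        line = stream.readline()
        if not line:
            raise ValueError("connection closed before tagged response")
        m = LITERAL.search(line)
        if m:
            size = int(m.group(1))
            body = stream.read(size)   # on a socket, loop until size bytes
            if len(body) != size:
                raise ValueError("short read inside literal")
            continue
        if line.startswith(tag + b" "):
            return body, line.split(b" ", 2)[1]   # OK / NO / BAD


if __name__ == "__main__":
    print(naive_fetch(io.BytesIO(REPLY)))
    print(literal_aware_fetch(io.BytesIO(REPLY), b"A1"))
```
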