[pkg-fetchmail-maint] Bug#336096: CVE-2005-3088: Insecure file
creation in fetchmailconf may expose sensitive data
Moritz Muehlenhoff
jmm at inutil.org
Thu Oct 27 19:26:46 UTC 2005
Package: fetchmail
Version: 6.2.5-18
Severity: normal
Tags: security
A minor security problem has been found in fetchmailconf; insecure file
creation may expose sensitive data such as password information. Please
see http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt for details.
This has been assigned CVE-2005-3088, please mention so in the changelog
when fixing this.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Versions of packages fetchmail depends on:
ii adduser 3.77 Add and remove users and groups
ii base-files 3.1.9 Debian base system miscellaneous f
ii debianutils 2.15 Miscellaneous utilities specific t
ii libc6 2.3.5-7 GNU C Library: Shared libraries an
ii libssl0.9.7 0.9.7g-5 SSL shared libraries
Versions of packages fetchmail recommends:
ii ca-certificates 20050804 Common CA Certificates PEM files
-- no debconf information
More information about the pkg-fetchmail-maint
mailing list