Bug#336096: [pkg-fetchmail-maint] Bug#336096: CVE-2005-3088: Insecure
file creation in fetchmailconf may expose sensitive data
Nico Golde
nico at ngolde.de
Fri Oct 28 15:12:15 UTC 2005
Hi,
* Moritz Muehlenhoff <jmm at inutil.org> [2005-10-28 16:29]:
> Package: fetchmail
> Version: 6.2.5-18
> Severity: normal
> Tags: security
>
> A minor security problem has been found in fetchmailconf; insecure file
> creation may expose sensitive data such as password information. Please
> see http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt for details.
>
> This has been assigned CVE-2005-3088, please mention so in the changelog
> when fixing this.
Thanks. It will be fixed hopefully soon with the new upstream realease.
Regards Nico
--
Nico Golde - JAB: nion at jabber.ccc.de | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20051028/a5cd9042/attachment.pgp
More information about the pkg-fetchmail-maint
mailing list