Fedora alert FEDORA-2008-8040 (ssmtp)

From:
    	     
 
updates@fedoraproject.org
To:
    	     
 
fedora-package-announce@redhat.com
Subject:
    	     
 
[SECURITY] Fedora 8 Update: ssmtp-2.61-11.6.fc8.1
Date:
    	     
 
Sun, 14 Sep 2008 06:48:21 +0000
Message-ID:
    	     
 
<20080914064821.9485A208D9C@bastion.fedora.phx.redhat.com>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8040
2008-09-13 04:55:23
--------------------------------------------------------------------------------

Name        : ssmtp
Product     : Fedora 8
Version     : 2.61
Release     : 11.6.fc8.1
URL         : http://packages.debian.org/stable/mail/ssmtp
Summary     : Extremely simple MTA to get mail off the system to a Mailhub
Description :
A secure, effective and simple way of getting mail off a system to your mail
hub. It contains no suid-binaries or other dangerous things - no mail spool
to poke around in, and no daemons running in the background. Mail is simply
forwarded to the configured mailhost. Extremely easy configuration.

WARNING: the above is all it does; it does not receive mail, expand aliases
or manage a queue. That belongs on a mail hub with a system administrator.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2008-3962
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2008 Manuel "lonely wolf" Wolfshant <wolfy@nobugconsulting.ro> 2.61-11.6.1
- use conditionals to consolidate specs for Fedora and EPEL
* Thu Sep 11 2008 Manuel "lonely wolf" Wolfshant <wolfy@nobugconsulting.ro> 2.61-11.6
- patch to fix CVE-2008-3962 (courtesy https://bugs.gentoo.org/127592)
- cleanup of other patches, make build with fuzz=0
* Sat Aug  2 2008 Manuel "lonely wolf" Wolfshant <wolfy@nobugconsulting.ro> 2.61-11.5.4
- work around rpmbuild more strict syntax checker
* Tue Feb 12 2008 Manuel "lonely wolf" Wolfshant <wolfy@nobugconsulting.ro> 2.61-11.5.3
- rebuilt for gcc 4.3.0
* Wed Dec  5 2007 lonely wolf <wolfy@nobugconsulting.ro> 2.61-11.5.2
- rebuilt for newer openssl
- fix usage of disttag for compatibility with mock + el3
* Wed Oct 24 2007 lonely wolf <wolfy@nobugconsulting.ro> 2.61-11.5.1
- adds back /usr/sbin/sendmail provides, rpmbuild by default does not add it
* Wed Oct 24 2007 lonely wolf <wolfy@nobugconsulting.ro> 2.61-11.5
- fixes https://bugzilla.redhat.com/show_bug.cgi?id=235594 by removing MTA
  and smtpdaemon provides, as the packages which required those were fixed
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #461882 - CVE-2008-3962 ssmtp: unitialized memory disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=461882
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ssmtp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...