Candidate: CVE-2011-1947 PublicDate: 2011-06-02 19:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947 http://www.fetchmail.info/fetchmail-SA-2011-01.txt http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt Description: fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets. Ubuntu-Description: Notes: Bugs: Priority: low Discovered-by: Assigned-to: CVSS: Patches_fetchmail: upstream: https://gitlab.com/fetchmail/fetchmail/-/commit/7dc67b8cf06f74aa57525279940e180c99701314 upstream_fetchmail: pending (6.3.20) hardy_fetchmail: ignored (reached end-of-life) lucid_fetchmail: ignored (reached end-of-life) maverick_fetchmail: ignored (reached end-of-life) natty_fetchmail: ignored (reached end-of-life) oneiric_fetchmail: ignored (reached end-of-life) precise_fetchmail: ignored (reached end-of-life) precise/esm_fetchmail: DNE (precise was needed) quantal_fetchmail: ignored (reached end-of-life) raring_fetchmail: ignored (reached end-of-life) saucy_fetchmail: ignored (reached end-of-life) trusty_fetchmail: not-affected (6.3.26-1) trusty/esm_fetchmail: DNE (trusty was not-affected) utopic_fetchmail: ignored (reached end-of-life) vivid_fetchmail: ignored (reached end-of-life) vivid/stable-phone-overlay_fetchmail: DNE vivid/ubuntu-core_fetchmail: DNE wily_fetchmail: ignored (reached end-of-life) xenial_fetchmail: not-affected (6.3.26-1) esm-infra/xenial_fetchmail: not-affected (6.3.26-1) yakkety_fetchmail: ignored (reached end-of-life) zesty_fetchmail: ignored (reached end-of-life) artful_fetchmail: ignored (reached end-of-life) bionic_fetchmail: not-affected (6.3.26-1) cosmic_fetchmail: ignored (reached end-of-life) disco_fetchmail: ignored (reached end-of-life) eoan_fetchmail: ignored (reached end-of-life) focal_fetchmail: not-affected (6.3.26-1) groovy_fetchmail: ignored (reached end-of-life) hirsute_fetchmail: not-affected (6.3.26-1) impish_fetchmail: not-affected (6.3.26-1) jammy_fetchmail: not-affected (6.3.26-1) devel_fetchmail: not-affected (6.3.26-1)