CVE-2007-4565

Name	CVE-2007-4565
Description	sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1377-2
Debian Bugs	440006

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
fetchmail (PTS)	jessie	6.3.26-1	fixed
	stretch	6.3.26-3	fixed
	buster	6.4.0~beta4-3+deb10u1	fixed
	bullseye	6.4.16-4+deb11u1	fixed
	bookworm	6.4.37-1	fixed
	sid, trixie	6.4.39-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
fetchmail	source	sarge	(not affected)
fetchmail	source	etch	6.3.6-1etch1		DSA-1377-2
fetchmail	source	(unstable)	6.3.8-8	low		440006

[etch] - fetchmail <no-dsa> (Hardly a security problem)
[sarge] - fetchmail <not-affected> (problem not present in source)