Multiple vulnerabilities were discovered and corrected in fetchmail: fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service via a crafted message header or POP3 UIDL list . NOTE: This vulnerability did not affect Mandriva Linux 2010.2. fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a STARTTLS or STLS request, which allows remote servers to cause a denial of service by acknowledging the request but not sending additional packets . Packages for 2009.0 are provided as of the Extended Maintenance Program