diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2007-03-18 01:47:36 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2007-03-18 01:47:36 +0000 |
commit | a7049af9fd07e76cb24382a7b9515689425ed4c8 (patch) | |
tree | 6286cf8ebd8835492f89cdbee01c3f18bd5bb80c | |
parent | 321d61b215169346708da3ad2b74711996771635 (diff) | |
download | fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.gz fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.bz2 fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.zip |
Add pointer and reference on APOP attack.
svn path=/branches/BRANCH_6-3/; revision=5058
-rw-r--r-- | NEWS | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -55,6 +55,13 @@ fetchmail 6.3.8 (not yet released): recovery of the shared secret a matter of hours or minutes; this would then enable the attacker to impersonate the client vis-à-vis the server. + For further details, check + * Gaëtan Leurent, "Message Freedom in MD4 and MD5 Collisions: Application + to APOP", Fast Software Encryption 2007, Luxembourg. (Proceedings to appear in + Springer's Lecture Notes on Computer Science.) + * The mailing list discussion thread at + <http://lists.berlios.de/pipermail/fetchmail-devel/2007-March/000887.html> + # BUG FIXES: * Fix pluralization of oversized-message warning mails. * Fix manual page: --sslcheck -> --sslcertck, and do not set trailing |