aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2007-03-18 01:47:36 +0000
committerMatthias Andree <matthias.andree@gmx.de>2007-03-18 01:47:36 +0000
commita7049af9fd07e76cb24382a7b9515689425ed4c8 (patch)
tree6286cf8ebd8835492f89cdbee01c3f18bd5bb80c
parent321d61b215169346708da3ad2b74711996771635 (diff)
downloadfetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.gz
fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.bz2
fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.zip
Add pointer and reference on APOP attack.
svn path=/branches/BRANCH_6-3/; revision=5058
-rw-r--r--NEWS7
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 4cc6f944..46f0c550 100644
--- a/NEWS
+++ b/NEWS
@@ -55,6 +55,13 @@ fetchmail 6.3.8 (not yet released):
recovery of the shared secret a matter of hours or minutes; this would then
enable the attacker to impersonate the client vis-à-vis the server.
+ For further details, check
+ * Gaëtan Leurent, "Message Freedom in MD4 and MD5 Collisions: Application
+ to APOP", Fast Software Encryption 2007, Luxembourg. (Proceedings to appear in
+ Springer's Lecture Notes on Computer Science.)
+ * The mailing list discussion thread at
+ <http://lists.berlios.de/pipermail/fetchmail-devel/2007-March/000887.html>
+
# BUG FIXES:
* Fix pluralization of oversized-message warning mails.
* Fix manual page: --sslcheck -> --sslcertck, and do not set trailing