aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2021-08-29 17:33:45 +0200
committerMatthias Andree <matthias.andree@gmx.de>2021-08-29 17:33:45 +0200
commitc863e9dbcc5e6c71ee6d160f811532583627d1ac (patch)
treebd4c51b452ce212df8098b0c0bce46dd7dfd0bc6
parent5b31e6e3c44770d6337c0dc29b21337746575453 (diff)
downloadfetchmail-c863e9dbcc5e6c71ee6d160f811532583627d1ac.tar.gz
fetchmail-c863e9dbcc5e6c71ee6d160f811532583627d1ac.tar.bz2
fetchmail-c863e9dbcc5e6c71ee6d160f811532583627d1ac.zip
update SA-2021-02
-rw-r--r--fetchmail-SA-2021-02.txt9
1 files changed, 5 insertions, 4 deletions
diff --git a/fetchmail-SA-2021-02.txt b/fetchmail-SA-2021-02.txt
index 93397ec8..d1b07898 100644
--- a/fetchmail-SA-2021-02.txt
+++ b/fetchmail-SA-2021-02.txt
@@ -3,8 +3,8 @@ fetchmail-SA-2021-02: STARTTLS session encryption bypassing
Topics: fetchmail fails to enforce an encrypted connection
Author: Matthias Andree
-Version: 0.9.1
-Announced: 2021-08-26
+Version: 0.9.2
+Announced: 2021-08-26 (0.9)
Type: failure to enforce configured security policy
Impact: fetchmail continues an unencrypted connection,
thus reading unauthenticated input and sending
@@ -22,7 +22,7 @@ Affects: - fetchmail releases up to and including 6.4.21
Not affected: - fetchmail releases 6.4.22 and newer
-Corrected in: 2021-08-27 fetchmail 6.4.22.rc2 release candidate
+Corrected in: 2021-08-29 fetchmail 6.4.22.rc3 release candidate
TBD fetchmail 6.4.22 release tarball
0. History of this announcement
@@ -34,7 +34,8 @@ Corrected in: 2021-08-27 fetchmail 6.4.22.rc2 release candidate
(see section 3b. below) to mitigate impact was sent to the
fetchmail mailing lists
2021-08-26 0.9 initial release along with fetchmail 6.4.22.rc1
-2021-08-26 0.9.1 update references to 6.4.22.rc2.
+2021-08-27 0.9.1 update references to 6.4.22.rc2.
+2021-08-29 0.9.2 update references to 6.4.22.rc3 and correct 0.9.1 date.
1. Background