Security fix.

svn path=/trunk/; revision=3441
author: Eric S. Raymond <esr@thyrsus.com> 2001-08-04 23:04:42 +0000
committer: Eric S. Raymond <esr@thyrsus.com> 2001-08-04 23:04:42 +0000
commit: 2e51880af8478356deac985863f6f13952987224 (patch)
tree: 0d3755c9b5e082ec64f85471feba0c3569c6e684 /NEWS
parent: 9bb8e8533b64422abd0b766398b3fcfea2a6a173 (diff)
download: fetchmail-2e51880af8478356deac985863f6f13952987224.tar.gz
fetchmail-2e51880af8478356deac985863f6f13952987224.tar.bz2
fetchmail-2e51880af8478356deac985863f6f13952987224.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 47daa5ee..71499f8f 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,15 @@
 
 (The `lines' figures total .c, .h, .l, and .y files under version control.)
 
+fetchmail-5.8.17 (Sat Aug  4 19:02:47 EDT 2001), 21093 lines:
+
+* Fixed a security hole that is exploitable if fetchmail is running as root
+  and the attacker can either subvert the mailserver or redirect to a fake
+  one using DNS spoofing.  Bugtraq announcement to follow soon.  Thanks
+  to antirez@invece.org.
+
+There are  people on fetchmail-friends and  on fetchmail-announce.
+
 fetchmail-5.8.16 (Fri Aug  3 18:55:54 EDT 2001), 21093 lines:
 
 * Handle ! in RFC2821 Return-Path addresses properly.
author	Eric S. Raymond <esr@thyrsus.com>	2001-08-04 23:04:42 +0000
committer	Eric S. Raymond <esr@thyrsus.com>	2001-08-04 23:04:42 +0000
commit	2e51880af8478356deac985863f6f13952987224 (patch)
tree	0d3755c9b5e082ec64f85471feba0c3569c6e684 /NEWS
parent	9bb8e8533b64422abd0b766398b3fcfea2a6a173 (diff)
download	fetchmail-2e51880af8478356deac985863f6f13952987224.tar.gz fetchmail-2e51880af8478356deac985863f6f13952987224.tar.bz2 fetchmail-2e51880af8478356deac985863f6f13952987224.zip