Abort verification if Subject CommonName/AltName contains NUL.

svn path=/branches/BRANCH_6-3/; revision=5389
author: Matthias Andree <matthias.andree@gmx.de> 2009-08-04 09:27:10 +0000
committer: Matthias Andree <matthias.andree@gmx.de> 2009-08-04 09:27:10 +0000
commit: 62acd57d67fff935e1c8a1796853e911869ee9f8 (patch)
tree: 1310b419884542bd10f106e46246765d7b92b9ee /NEWS
parent: cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329 (diff)
download: fetchmail-62acd57d67fff935e1c8a1796853e911869ee9f8.tar.gz
fetchmail-62acd57d67fff935e1c8a1796853e911869ee9f8.tar.bz2
fetchmail-62acd57d67fff935e1c8a1796853e911869ee9f8.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index edab25a3..701339a2 100644
--- a/NEWS
+++ b/NEWS
@@ -51,6 +51,11 @@ removed from a 6.4.0 or newer release.)
 
 fetchmail 6.3.11 (released XXXX-XX-XX - i. e. not yet):
 
+# SECURITY BUGFIXES
+* Fetchmail checks the Subject CommonName and Subject AltName X.509 certificate
+  fields for embedded NUL characters and aborts certificate verification to
+  counter recent SSL certificate verification attacks. Untested.
+
 # BUGFIXES
 * Remove the spurious message "message delimiter found while scanning headers".
   RFC-5322 syntax states that the delimiter is part of the body, and the body is
author	Matthias Andree <matthias.andree@gmx.de>	2009-08-04 09:27:10 +0000
committer	Matthias Andree <matthias.andree@gmx.de>	2009-08-04 09:27:10 +0000
commit	62acd57d67fff935e1c8a1796853e911869ee9f8 (patch)
tree	1310b419884542bd10f106e46246765d7b92b9ee /NEWS
parent	cce6e3905c62ae2ffbddbea4d8ff4ed4fd253329 (diff)
download	fetchmail-62acd57d67fff935e1c8a1796853e911869ee9f8.tar.gz fetchmail-62acd57d67fff935e1c8a1796853e911869ee9f8.tar.bz2 fetchmail-62acd57d67fff935e1c8a1796853e911869ee9f8.zip