author Matthias Andree <matthias.andree@gmx.de> 2007-04-06 18:10:51 +0000
committer Matthias Andree <matthias.andree@gmx.de> 2007-04-06 18:10:51 +0000
commit 67e83dd1930726f316e19aef8f45efc9dc4feda3
tree fb332f10ca8ac65ed6d85371eb3608cd1dc7ebbd /NEWS
parent 0e7ff9cb9b8483e188febe76ccffefb66d75c97e
Add fetchmail-SA-2007-01.txt.
Add publication date of Gaetan Leurent's CVE-2007-1558.
svn path=/branches/BRANCH_6-3/; revision=5085
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 3
1 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 11663219..82e6992f 100644
--- a/NEWS
+++ b/NEWS
@@ -48,7 +48,7 @@ fetchmail 6.3.8 (not yet released):
* Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
- (CVE-2007-1558)
+ (CVE-2007-1558, reported by Gaëtan Leurent, published 2007-04-02 on Bugtraq)
APOP is claimed insecure by Gaëtan Leurent for MITM scenarios for typical
setups: based on MD5 collisions, it is purportedly possible to recover the
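Review bot: the amended CVE line in the APOP entry credits the reporter and gives the Bugtraq date, but it gives the reader no pointer to follow, and the next sentence ("APOP is claimed insecure by Gaëtan Leurent ...") names the reporter a second time. If fetchmail-SA-2007-01.txt, added in the second hunk, is the advisory for this issue, reference it here, for example "(CVE-2007-1558, see fetchmail-SA-2007-01.txt)", and let the following sentence carry the attribution so the fix, the CVE id and the advisory are tied together in one place.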
@@ -82,6 +82,7 @@ fetchmail 6.3.8 (not yet released):
excellent detail by Reto Schüttel, Debian Bug#416812.
# DOCUMENTATION:
+* Add fetchmail-SA-2007-01.txt
* Extend --mda documentation, discourage use of qmail-inject.
Based on a patch by Rob MacGregor.
* Document SOCKS configuration facility (SOCKS_CONF environment variable).
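Review bot: the new DOCUMENTATION bullet "* Add fetchmail-SA-2007-01.txt" does not say what the advisory covers and lacks the trailing period that the neighbouring bullets end with. Name the issue on the same line (the CVE id, if this is the advisory for the APOP entry changed in the first hunk) so that someone scanning NEWS for security-relevant changes does not have to open the file to find out.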