Add pointer and reference on APOP attack.

svn path=/branches/BRANCH_6-3/; revision=5058
author: Matthias Andree <matthias.andree@gmx.de> 2007-03-18 01:47:36 +0000
committer: Matthias Andree <matthias.andree@gmx.de> 2007-03-18 01:47:36 +0000
commit: a7049af9fd07e76cb24382a7b9515689425ed4c8 (patch)
tree: 6286cf8ebd8835492f89cdbee01c3f18bd5bb80c /NEWS
parent: 321d61b215169346708da3ad2b74711996771635 (diff)
download: fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.gz
fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.bz2
fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 4cc6f944..46f0c550 100644
--- a/NEWS
+++ b/NEWS
@@ -55,6 +55,13 @@ fetchmail 6.3.8 (not yet released):
   recovery of the shared secret a matter of hours or minutes; this would then
   enable the attacker to impersonate the client vis-à-vis the server.
 
+  For further details, check
+  * Gaëtan Leurent, "Message Freedom in MD4 and MD5 Collisions: Application
+  to APOP", Fast Software Encryption 2007, Luxembourg. (Proceedings to appear in
+  Springer's Lecture Notes on Computer Science.)
+  * The mailing list discussion thread at
+  <http://lists.berlios.de/pipermail/fetchmail-devel/2007-March/000887.html>
+
 # BUG FIXES:
 * Fix pluralization of oversized-message warning mails.
 * Fix manual page: --sslcheck -> --sslcertck, and do not set trailing
author	Matthias Andree <matthias.andree@gmx.de>	2007-03-18 01:47:36 +0000
committer	Matthias Andree <matthias.andree@gmx.de>	2007-03-18 01:47:36 +0000
commit	a7049af9fd07e76cb24382a7b9515689425ed4c8 (patch)
tree	6286cf8ebd8835492f89cdbee01c3f18bd5bb80c /NEWS
parent	321d61b215169346708da3ad2b74711996771635 (diff)
download	fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.gz fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.tar.bz2 fetchmail-a7049af9fd07e76cb24382a7b9515689425ed4c8.zip