Add CVE-2007-1558 to APOP attack.

svn path=/branches/BRANCH_6-3/; revision=5064
author: Matthias Andree <matthias.andree@gmx.de> 2007-03-21 09:40:59 +0000
committer: Matthias Andree <matthias.andree@gmx.de> 2007-03-21 09:40:59 +0000
commit: e75ef8f8b5480be6ef8fcc84214228860bb48752 (patch)
tree: be7097972587ab4e62050170fcbe52fc41daef1e /NEWS
parent: 62e40d9925446e5bbda7e3a3627b48be5dc83a61 (diff)
download: fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.tar.gz
fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.tar.bz2
fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 46f0c550..1d7c8ca7 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,7 @@ fetchmail 6.3.8 (not yet released):
 * Make the APOP challenge parser more distrustful and have it reject challenges
   that do not conform to RFC-822 msg-id format, in the hope to make mounting
   man-in-the-middle attacks (MITM) against APOP a bit more difficult.
+  (CVE-2007-1558)
 
   APOP is claimed insecure by Gaëtan Leurent for MITM scenarios for typical
   setups: based on MD5 collisions, it is purportedly possible to recover the
author	Matthias Andree <matthias.andree@gmx.de>	2007-03-21 09:40:59 +0000
committer	Matthias Andree <matthias.andree@gmx.de>	2007-03-21 09:40:59 +0000
commit	e75ef8f8b5480be6ef8fcc84214228860bb48752 (patch)
tree	be7097972587ab4e62050170fcbe52fc41daef1e /NEWS
parent	62e40d9925446e5bbda7e3a3627b48be5dc83a61 (diff)
download	fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.tar.gz fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.tar.bz2 fetchmail-e75ef8f8b5480be6ef8fcc84214228860bb48752.zip