diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2006-11-27 03:03:24 +0000 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2006-11-27 03:03:24 +0000 |
| commit | d45228ce3f2b591beb4fd5fb571439de0ea81793 (patch) | |
| tree | 254d86d73b9d93ca49fc9967352d03f022a31146 /fetchmail-SA-2006-02.txt | |
| parent | e3b44efa0c4af3b01a7c2156671807d44d180f1b (diff) | |
| download | fetchmail-d45228ce3f2b591beb4fd5fb571439de0ea81793.tar.gz fetchmail-d45228ce3f2b591beb4fd5fb571439de0ea81793.tar.bz2 fetchmail-d45228ce3f2b591beb4fd5fb571439de0ea81793.zip | |
Update.
svn path=/branches/BRANCH_6-3/; revision=4972
Diffstat (limited to 'fetchmail-SA-2006-02.txt')
| -rw-r--r-- | fetchmail-SA-2006-02.txt | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt index 94be6cf2..3d7f2387 100644 --- a/fetchmail-SA-2006-02.txt +++ b/fetchmail-SA-2006-02.txt @@ -3,7 +3,7 @@ fetchmail-SA-2006-02: TLS enforcement problem/MITM attack/password exposure Topics: fetchmail cannot enforce TLS Author: Matthias Andree -Version: 1.0 +Version: XXX Announced: 2006-11-XX Type: secret information disclosure Impact: fetchmail can expose cleartext password over unsecure link @@ -28,6 +28,7 @@ Corrected: 2006-11-26 fetchmail 6.3.6-rc4 2006-11-16 v0.01 internal review draft 2006-11-26 v0.02 revise failure cases, workaround, add acknowledgments +2006-11-27 v0.03 add more vulnerabilities 1. Background @@ -45,7 +46,7 @@ control) files for fetchmail. 2. Problem description and Impact ================================= -Fetchmail has has several nasty password disclosure vulnerabilities for +Fetchmail has had several nasty password disclosure vulnerabilities for a long time. It was only recently that these have been found. V1. sslcertck/sslfingerprint options should have implied "sslproto tls1" |