aboutsummaryrefslogtreecommitdiffstats
path: root/website/index.html
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2008-12-17 16:21:11 +0000
committerMatthias Andree <matthias.andree@gmx.de>2008-12-17 16:21:11 +0000
commit981bb9cbbbe428d171cf584484973abc5f2f02de (patch)
tree74f88b1e2d12f8e5784829535a227df327aef574 /website/index.html
parent82e4ee310c2d7d627c1b8532b210b465fdae1c19 (diff)
downloadfetchmail-981bb9cbbbe428d171cf584484973abc5f2f02de.tar.gz
fetchmail-981bb9cbbbe428d171cf584484973abc5f2f02de.tar.bz2
fetchmail-981bb9cbbbe428d171cf584484973abc5f2f02de.zip
WRT 6.3.8 security issues, replace 'for the nonce' by 'for 6.3.8'
Fix grammar (validate stricter -> validate more strictly). svn path=/branches/BRANCH_6-3/; revision=5257
Diffstat (limited to 'website/index.html')
-rw-r--r--website/index.html6
1 files changed, 3 insertions, 3 deletions
diff --git a/website/index.html b/website/index.html
index 12bf8007..7b59e853 100644
--- a/website/index.html
+++ b/website/index.html
@@ -71,9 +71,9 @@ href="http://mandree.home.pages.de/fetchmail/">fetchmail-6.3.6-rc5 was released<
some of the problems mentioned below, even if they aren't mentioned
in the security announcements:</p>
<ul>
- <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug has been fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li>
- <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and has been fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li>
- <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 validates the APOP challenge stricter.</li>
+ <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li>
+ <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li>
+ <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 and newer validate the APOP challenge more strictly.</li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974:</a> Fetchmail was found to <a href="fetchmail-SA-2006-03.txt">crash when refusing a message that was bound to be delivered by an MDA.</a> This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.</li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867">CVE-2006-5867:</a> Fetchmail was found to <a href="fetchmail-SA-2006-02.txt">omit TLS or send the password in clear text despite the configuration stating otherwise.</a> This was a long-standing bug reported by Isaac Wilcox, fixed in fetchmail 6.3.6. There will be no 6.2.X releases to fix this bug in 6.2.X.</li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321">CVE-2006-0321:</a> Fetchmail was found to <a href="fetchmail-SA-2006-01.txt">crash after bouncing a message with bad addresses. This bug was introduced with fetchmail 6.3.0 and fixed in fetchmail 6.3.2.</a></li>