diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2008-12-17 16:21:11 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2008-12-17 16:21:11 +0000 |
commit | 981bb9cbbbe428d171cf584484973abc5f2f02de (patch) | |
tree | 74f88b1e2d12f8e5784829535a227df327aef574 /website/index.html | |
parent | 82e4ee310c2d7d627c1b8532b210b465fdae1c19 (diff) | |
download | fetchmail-981bb9cbbbe428d171cf584484973abc5f2f02de.tar.gz fetchmail-981bb9cbbbe428d171cf584484973abc5f2f02de.tar.bz2 fetchmail-981bb9cbbbe428d171cf584484973abc5f2f02de.zip |
WRT 6.3.8 security issues, replace 'for the nonce' by 'for 6.3.8'
Fix grammar (validate stricter -> validate more strictly).
svn path=/branches/BRANCH_6-3/; revision=5257
Diffstat (limited to 'website/index.html')
-rw-r--r-- | website/index.html | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/website/index.html b/website/index.html index 12bf8007..7b59e853 100644 --- a/website/index.html +++ b/website/index.html @@ -71,9 +71,9 @@ href="http://mandree.home.pages.de/fetchmail/">fetchmail-6.3.6-rc5 was released< some of the problems mentioned below, even if they aren't mentioned in the security announcements:</p> <ul> - <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug has been fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li> - <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and has been fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li> - <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 validates the APOP challenge stricter.</li> + <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li> + <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li> + <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 and newer validate the APOP challenge more strictly.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974:</a> Fetchmail was found to <a href="fetchmail-SA-2006-03.txt">crash when refusing a message that was bound to be delivered by an MDA.</a> This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867">CVE-2006-5867:</a> Fetchmail was found to <a href="fetchmail-SA-2006-02.txt">omit TLS or send the password in clear text despite the configuration stating otherwise.</a> This was a long-standing bug reported by Isaac Wilcox, fixed in fetchmail 6.3.6. There will be no 6.2.X releases to fix this bug in 6.2.X.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321">CVE-2006-0321:</a> Fetchmail was found to <a href="fetchmail-SA-2006-01.txt">crash after bouncing a message with bad addresses. This bug was introduced with fetchmail 6.3.0 and fixed in fetchmail 6.3.2.</a></li> |