-rw-r--r-- | fetchmail-SA-2011-01.txt | 10
l--------- | website/fetchmail-SA-2011-01.txt | 1
-rw-r--r-- | website/index.html | 33
-rw-r--r-- | website/security.html | 8
4 files changed, 26 insertions, 26 deletions
diff --git a/fetchmail-SA-2011-01.txt b/fetchmail-SA-2011-01.txt index 09aa90f6..c50ab932 100644 --- a/fetchmail-SA-2011-01.txt +++ b/fetchmail-SA-2011-01.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2011-01: Denial of service possible in STARTTLS mode Topics: fetchmail denial of service in STARTTLS protocol phases @@ -127,3 +130,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END of fetchmail-SA-2011-01 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.16 (GNU/Linux) + +iEYEARECAAYFAk3swwUACgkQvmGDOQUufZWaBACdHHSAiQZ5OIOur3vflKbzbIi2 +WbkAni+ROgf+9IU1rE0j8RJKvzZrJfIP +=d/Bl +-----END PGP SIGNATURE----- diff --git a/website/fetchmail-SA-2011-01.txt b/website/fetchmail-SA-2011-01.txt new file mode 120000 index 00000000..9f8c296c --- /dev/null +++ b/website/fetchmail-SA-2011-01.txt @@ -0,0 +1 @@ +../fetchmail-SA-2011-01.txt
\ No newline at end of file diff --git a/website/index.html b/website/index.html index 23a9aa62..72bc85c2 100644 --- a/website/index.html +++ b/website/index.html @@ -15,7 +15,7 @@ <table width="100%" cellpadding="0" summary="Canned page header"> <tr> <td>Fetchmail</td> -<td align="right"><!-- update date -->2010-12-10</td> +<td align="right"><!-- update date -->2011-06-06</td> </tr> </table> </div> 
@@ -42,35 +42,18 @@ <h1>Fetchmail</h1> <div style="background-color:#c0ffc0;color:#000000;"> - <h1>NEWS: FETCHMAIL 6.3.19 RELEASE</h1> - <p>On 2010-10-16, <a - href="fetchmail-EN-2010-03.txt">an erratum notice was issued</a> - to document important fixes made in the 6.3.18 release. - Distributors are advised to upgrade their packages to - 6.3.19 (which fixes a few more bugs than 6.3.18 did).</p> - <p>On 2010-12-10, <a - href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.19 + <h1>NEWS: FETCHMAIL 6.3.20 RELEASE</h1> + <p>On 2011-06-06, <a + href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.20 has been released (this is the download link),</a> fixing a - Yahoo incompatibility (that was fetchmail's fault), improves - configuration for multidrop settings, restores --antispam function - on the command line, allows forcing SSL/TLS/STARTTLS negotiation, - and reduces GSSAPI verbose/debug chatter in syslog. - <br>It is a recommended update for all users and + denial-of service in STARTTLS and makes --keep configurations log + less verbosely. + <br>It is a recommended <strong>security update</strong> for all users and distributors. <a - href="http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=18137">Click + href="http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=18583">Click here to see the change details.</a> </p> - <h1>UTF7 in mailbox names (developer document)</h1> - <p>There is a <a href="Mailbox-Names-UTF7.html">new document about - mailbox name encoding in IMAP,</a> - an invited contribution by Mark Crispin. It applies to all IMAP - clients and servers and is not limited to fetchmail, and arose after - a discussion on the getmail mailing list. 
Note that as of - 2010-05-25, neither fetchmail nor getmail currently supports this - directly; for the nonce, you need to manually encode the mailbox - name in UTF-7 for both applications.</p> - <h1>SSL issues after upgrade to OpenSSL 1.0.0?</h1> <p>If your fetchmail upgrade entails an upgrade of the OpenSSL library to 1.0.0, remember to re-run <kbd>c_rehash diff --git a/website/security.html b/website/security.html index 7f823fc9..ec9df3a8 100644 --- a/website/security.html +++ b/website/security.html @@ -14,7 +14,7 @@ <table width="100%" cellpadding="0" summary="Canned page header"> <tr> <td>Fetchmail</td> -<td align="right"><!-- update date -->2010-05-06</td> +<td align="right"><!-- update date -->2011-06-06</td> </tr> </table> </div> @@ -45,6 +45,12 @@ some of the problems mentioned below, even if they aren't mentioned in the security announcements:</p> <ul> + <li><a name="cve-2011-1947" + href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1947">CVE-2011-1947:</a> + Fetchmail <a href="fetchmail-SA-2011-01.txt"> could hang for + indefinite amounts of time during STARTTLS negotiations</a>, + causing mail fetches to stall. This was a long-standing bug + fixed in release 6.3.20.</li> <li><a name="fetchmail-EN-2010-03">EN-2010-03</a>: Fetchmail <a href="fetchmail-EN-2010-03.txt">fails POP3/IMAP authentication by not performing SASL AUTH properly.</a> This was a long-standing bug fixed in release |
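Review bot: In fetchmail-SA-2011-01.txt the added clearsign header reads `Hash: SHA1`, so the integrity of the advisory rests on a SHA-1 digest. Consider re-signing with a stronger digest (for example gpg's `--digest-algo SHA256`) if the signing key permits it, since readers are expected to rely on this signature to authenticate a security announcement.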
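Review bot: website/fetchmail-SA-2011-01.txt is added as a symlink (mode 120000) to `../fetchmail-SA-2011-01.txt`, a target outside the website/ directory. Check that whatever publishes website/ follows symlinks or copies the target; otherwise the `fetchmail-SA-2011-01.txt` link added to security.html in this same commit will dangle on the live site.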
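Review bot: In the news block of website/index.html, 6.3.20 is announced as a security update but the paragraph links neither the advisory nor the CVE. Add a link to `fetchmail-SA-2011-01.txt` (or to `security.html#cve-2011-1947`) next to "fixing a denial-of service in STARTTLS" so readers can reach the details from the front page. In the same sentence, "denial-of service" should read "denial of service" as in the advisory title, "fixing ... and makes" should use parallel verb forms, and the `&release_id=18583` in the changed href should be written `&amp;release_id=18583`.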
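Review bot: In the list entry added to website/security.html, the anchor is named `cve-2011-1947` while the neighbouring entry is keyed on the notice id (`<a name="fetchmail-EN-2010-03">`), so the fragment names are inconsistent. Consider also providing a `fetchmail-SA-2011-01` anchor so links by advisory id work the same way as for earlier entries. The link text in `<a href="fetchmail-SA-2011-01.txt"> could hang` also starts with a stray space that will be rendered as part of the link; move the space outside the tag.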