diff options
| -rw-r--r-- | fetchmail-SA-2006-02.txt | 9 | ||||
| -rw-r--r-- | fetchmail-SA-2006-03.txt | 9 |
2 files changed, 10 insertions, 8 deletions
diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt index 05a9a8f0..dd24e497 100644 --- a/fetchmail-SA-2006-02.txt +++ b/fetchmail-SA-2006-02.txt @@ -3,8 +3,8 @@ fetchmail-SA-2006-02: TLS enforcement problem/MITM attack/password exposure Topics: fetchmail cannot enforce TLS Author: Matthias Andree -Version: XXX -Announced: 2006-11-XX +Version: 1.0 +Announced: 2007-01-04 Type: secret information disclosure Impact: fetchmail can expose cleartext password over unsecure link fetchmail may not detect man in the middle attacks @@ -17,7 +17,7 @@ Project URL: http://fetchmail.berlios.de/ Affects: fetchmail releases <= 6.3.5 fetchmail release candidates 6.3.6-rc1, -rc2, -rc3 -Not affected: fetchmail release candidate 6.3.6-rc4 +Not affected: fetchmail release candidates 6.3.6-rc4, -rc5 fetchmail release 6.3.6 Corrected: 2006-11-26 fetchmail 6.3.6-rc4 @@ -29,6 +29,7 @@ Corrected: 2006-11-26 fetchmail 6.3.6-rc4 2006-11-16 v0.01 internal review draft 2006-11-26 v0.02 revise failure cases, workaround, add acknowledgments 2006-11-27 v0.03 add more vulnerabilities +2006-01-04 v1.0 ready for release 1. Background @@ -101,7 +102,7 @@ them right. A. Copyright, License and Warranty ================================== -(C) Copyright 2006 by Matthias Andree, <matthias.andree@gmx.de>. +(C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>. Some rights reserved. This work is licensed under the Creative Commons diff --git a/fetchmail-SA-2006-03.txt b/fetchmail-SA-2006-03.txt index df747af7..083f2e5b 100644 --- a/fetchmail-SA-2006-03.txt +++ b/fetchmail-SA-2006-03.txt @@ -1,10 +1,10 @@ fetchmail-SA-2006-03: crash when refusing message delivered through MDA -Topics: fetchmail crashes when refusing a message to an MDA +Topics: fetchmail crashes when refusing a message bound for an MDA Author: Matthias Andree Version: 1.0 -Announced: 2006-11-XX +Announced: 2007-01-04 Type: denial of service Impact: fetchmail aborts prematurely Danger: low @@ -24,7 +24,8 @@ Corrected: 2006-11-14 fetchmail SVN 0. Release history ================== -2006-11-19 internal review draft +2006-11-19 - internal review draft +2007-01-04 1.0 ready for release 1. Background @@ -66,7 +67,7 @@ fetchmail's project site at A. Copyright, License and Warranty ================================== -(C) Copyright 2006 by Matthias Andree, <matthias.andree@gmx.de>. +(C) Copyright 2007 by Matthias Andree, <matthias.andree@gmx.de>. Some rights reserved. This work is licensed under the Creative Commons |