aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS3
-rw-r--r--fetchmail-SA-2011-01.txt2
2 files changed, 3 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index bd4c450d..53db19a0 100644
--- a/NEWS
+++ b/NEWS
@@ -59,7 +59,8 @@ removed from a 6.4.0 or newer release.)
fetchmail-6.3.20 (not yet released, 26005 LoC):
# SECURITY BUG FIXES
-* STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
+* CVE-2011-1947:
+ STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
set timeout (default five minutes) now. This was reported missing, with
observed fetchmail freezes beyond a week, by Thomas Jarosch.
SSL-wrapped connections were unaffected by this timeout, so users of older
diff --git a/fetchmail-SA-2011-01.txt b/fetchmail-SA-2011-01.txt
index fc627f65..915b3524 100644
--- a/fetchmail-SA-2011-01.txt
+++ b/fetchmail-SA-2011-01.txt
@@ -9,7 +9,7 @@ Type: Unguarded blocking I/O can cause indefinite application hang
Impact: Denial of service
Danger: low
-CVE Name:
+CVE Name: CVE-2011-1947
CVSSv2:
CVSS scores:
This is calculated without Environmental Score.