diff options
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | fetchmail-SA-2011-01.txt | 2 |
2 files changed, 3 insertions, 2 deletions
@@ -59,7 +59,8 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.20 (not yet released, 26005 LoC): # SECURITY BUG FIXES -* STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the +* CVE-2011-1947: + STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout (default five minutes) now. This was reported missing, with observed fetchmail freezes beyond a week, by Thomas Jarosch. SSL-wrapped connections were unaffected by this timeout, so users of older diff --git a/fetchmail-SA-2011-01.txt b/fetchmail-SA-2011-01.txt index fc627f65..915b3524 100644 --- a/fetchmail-SA-2011-01.txt +++ b/fetchmail-SA-2011-01.txt @@ -9,7 +9,7 @@ Type: Unguarded blocking I/O can cause indefinite application hang Impact: Denial of service Danger: low -CVE Name: +CVE Name: CVE-2011-1947 CVSSv2: CVSS scores: This is calculated without Environmental Score. |