aboutsummaryrefslogtreecommitdiffstats
path: root/fetchmail-SA-2021-02.txt
diff options
context:
space:
mode:
Diffstat (limited to 'fetchmail-SA-2021-02.txt')
-rw-r--r--fetchmail-SA-2021-02.txt9
1 files changed, 5 insertions, 4 deletions
diff --git a/fetchmail-SA-2021-02.txt b/fetchmail-SA-2021-02.txt
index 93397ec8..d1b07898 100644
--- a/fetchmail-SA-2021-02.txt
+++ b/fetchmail-SA-2021-02.txt
@@ -3,8 +3,8 @@ fetchmail-SA-2021-02: STARTTLS session encryption bypassing
Topics: fetchmail fails to enforce an encrypted connection
Author: Matthias Andree
-Version: 0.9.1
-Announced: 2021-08-26
+Version: 0.9.2
+Announced: 2021-08-26 (0.9)
Type: failure to enforce configured security policy
Impact: fetchmail continues an unencrypted connection,
thus reading unauthenticated input and sending
@@ -22,7 +22,7 @@ Affects: - fetchmail releases up to and including 6.4.21
Not affected: - fetchmail releases 6.4.22 and newer
-Corrected in: 2021-08-27 fetchmail 6.4.22.rc2 release candidate
+Corrected in: 2021-08-29 fetchmail 6.4.22.rc3 release candidate
TBD fetchmail 6.4.22 release tarball
0. History of this announcement
@@ -34,7 +34,8 @@ Corrected in: 2021-08-27 fetchmail 6.4.22.rc2 release candidate
(see section 3b. below) to mitigate impact was sent to the
fetchmail mailing lists
2021-08-26 0.9 initial release along with fetchmail 6.4.22.rc1
-2021-08-26 0.9.1 update references to 6.4.22.rc2.
+2021-08-27 0.9.1 update references to 6.4.22.rc2.
+2021-08-29 0.9.2 update references to 6.4.22.rc3 and correct 0.9.1 date.
1. Background