diff options
Diffstat (limited to 'website')
| l--------- | website/fetchmail-SA-2011-01.txt | 1 | ||||
| -rw-r--r-- | website/index.html | 33 | ||||
| -rw-r--r-- | website/security.html | 8 | 
3 files changed, 16 insertions, 26 deletions
| diff --git a/website/fetchmail-SA-2011-01.txt b/website/fetchmail-SA-2011-01.txt new file mode 120000 index 00000000..9f8c296c --- /dev/null +++ b/website/fetchmail-SA-2011-01.txt @@ -0,0 +1 @@ +../fetchmail-SA-2011-01.txt
\ No newline at end of file diff --git a/website/index.html b/website/index.html index 23a9aa62..72bc85c2 100644 --- a/website/index.html +++ b/website/index.html @@ -15,7 +15,7 @@  <table width="100%" cellpadding="0" summary="Canned page header">  <tr>  <td>Fetchmail</td> -<td align="right"><!-- update date -->2010-12-10</td> +<td align="right"><!-- update date -->2011-06-06</td>  </tr>  </table>  </div> @@ -42,35 +42,18 @@  <h1>Fetchmail</h1>  <div style="background-color:#c0ffc0;color:#000000;"> -    <h1>NEWS: FETCHMAIL 6.3.19 RELEASE</h1> -    <p>On 2010-10-16, <a -	href="fetchmail-EN-2010-03.txt">an erratum notice was issued</a> -    to document important fixes made in the 6.3.18 release. -    Distributors are advised to upgrade their packages to -    6.3.19 (which fixes a few more bugs than 6.3.18 did).</p> -    <p>On 2010-12-10, <a -	href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.19 +    <h1>NEWS: FETCHMAIL 6.3.20 RELEASE</h1> +    <p>On 2011-06-06, <a +	href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.20  	has been released (this is the download link),</a> fixing a -    Yahoo incompatibility (that was fetchmail's fault), improves -    configuration for multidrop settings, restores --antispam function -    on the command line, allows forcing SSL/TLS/STARTTLS negotiation, -    and reduces GSSAPI verbose/debug chatter in syslog. -    <br>It is a recommended update for all users and +    denial-of service in STARTTLS and makes --keep configurations log +    less verbosely. +    <br>It is a recommended <strong>security update</strong> for all users and      distributors. <a -	href="http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=18137">Click +	href="http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=18583">Click  	here to see the change details.</a>      </p> -    <h1>UTF7 in mailbox names (developer document)</h1> -    <p>There is a <a href="Mailbox-Names-UTF7.html">new document about -	mailbox name encoding in IMAP,</a> -    an invited contribution by Mark Crispin. It applies to all IMAP -    clients and servers and is not limited to fetchmail, and arose after -    a discussion on the getmail mailing list. Note that as of -    2010-05-25, neither fetchmail nor getmail currently supports this -    directly; for the nonce, you need to manually encode the mailbox -    name in UTF-7 for both applications.</p> -      <h1>SSL issues after upgrade to OpenSSL 1.0.0?</h1>      <p>If your fetchmail upgrade entails an upgrade of the OpenSSL      library to 1.0.0, remember to re-run <kbd>c_rehash diff --git a/website/security.html b/website/security.html index 7f823fc9..ec9df3a8 100644 --- a/website/security.html +++ b/website/security.html @@ -14,7 +14,7 @@  <table width="100%" cellpadding="0" summary="Canned page header">  <tr>  <td>Fetchmail</td> -<td align="right"><!-- update date -->2010-05-06</td> +<td align="right"><!-- update date -->2011-06-06</td>  </tr>  </table>  </div> @@ -45,6 +45,12 @@      some of the problems mentioned below, even if they aren't mentioned      in the security announcements:</p>      <ul> +	<li><a name="cve-2011-1947" +	    href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1947">CVE-2011-1947:</a> +	Fetchmail <a href="fetchmail-SA-2011-01.txt"> could hang for +	    indefinite amounts of time during STARTTLS negotiations</a>, +	causing mail fetches to stall. This was a long-standing bug +	fixed in release 6.3.20.</li>  	<li><a name="fetchmail-EN-2010-03">EN-2010-03</a>: Fetchmail <a href="fetchmail-EN-2010-03.txt">fails  	    POP3/IMAP authentication by not performing SASL AUTH  	    properly.</a> This was a long-standing bug fixed in release | 
