aboutsummaryrefslogtreecommitdiffstats
path: root/fetchmail-SA-2021-02.txt
Commit message (Collapse)AuthorAgeFilesLines
* Add CVE ID; revise TLS docs & fetchmail-SA-2021-02Matthias Andree2021-08-271-48/+41
|
* SECURITY: POP3: changes for --auth ssh and RPAMatthias Andree2021-08-261-11/+21
| | | | | These no longer defeat STARTTLS negotiation, and RPA is only attempted with --auth any.
* SECURITY: IMAP: --auth ssh no longer prevents STARTTLSMatthias Andree2021-08-261-7/+15
|
* SECURITY: IMAP: PREAUTH->abort if STARTTLS neededMatthias Andree2021-08-261-0/+117
On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext. --ssl is unaffected because it always negotiates TLS. See fetchmail-SA-2021-02.txt for details.