From b92ba6ddd3103e981dbb4a5ab08c5cc1aebdc06f Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 6 Jun 2011 14:32:42 +0200 Subject: Sign SA 2011-01/CVE-2011-1947. --- fetchmail-SA-2011-01.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fetchmail-SA-2011-01.txt b/fetchmail-SA-2011-01.txt index 6e01ddab..caa6951a 100644 --- a/fetchmail-SA-2011-01.txt +++ b/fetchmail-SA-2011-01.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + fetchmail-SA-2011-01: Denial of service possible in STARTTLS mode Topics: fetchmail denial of service in STARTTLS protocol phases @@ -126,3 +129,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END of fetchmail-SA-2011-01 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.16 (GNU/Linux) + +iEYEARECAAYFAk3swwUACgkQvmGDOQUufZWaBACdHHSAiQZ5OIOur3vflKbzbIi2 +WbkAni+ROgf+9IU1rE0j8RJKvzZrJfIP +=d/Bl +-----END PGP SIGNATURE----- -- cgit v1.2.3 From ca33378e6f2b88dbab8beac0b72da9d45e2c3338 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 6 Jun 2011 14:33:07 +0200 Subject: Update website. --- website/fetchmail-SA-2011-01.txt | 1 + website/index.html | 33 ++++++++------------------------- website/security.html | 8 +++++++- 3 files changed, 16 insertions(+), 26 deletions(-) create mode 120000 website/fetchmail-SA-2011-01.txt diff --git a/website/fetchmail-SA-2011-01.txt b/website/fetchmail-SA-2011-01.txt new file mode 120000 index 00000000..9f8c296c --- /dev/null +++ b/website/fetchmail-SA-2011-01.txt @@ -0,0 +1 @@ +../fetchmail-SA-2011-01.txt \ No newline at end of file diff --git a/website/index.html b/website/index.html index 23a9aa62..72bc85c2 100644 --- a/website/index.html +++ b/website/index.html @@ -15,7 +15,7 @@ - +
Fetchmail2010-12-102011-06-06
@@ -42,35 +42,18 @@

Fetchmail

-

NEWS: FETCHMAIL 6.3.19 RELEASE

-

On 2010-10-16, an erratum notice was issued - to document important fixes made in the 6.3.18 release. - Distributors are advised to upgrade their packages to - 6.3.19 (which fixes a few more bugs than 6.3.18 did).

-

On 2010-12-10, fetchmail-6.3.19 +

NEWS: FETCHMAIL 6.3.20 RELEASE

+

On 2011-06-06, fetchmail-6.3.20 has been released (this is the download link), fixing a - Yahoo incompatibility (that was fetchmail's fault), improves - configuration for multidrop settings, restores --antispam function - on the command line, allows forcing SSL/TLS/STARTTLS negotiation, - and reduces GSSAPI verbose/debug chatter in syslog. -
It is a recommended update for all users and + denial-of service in STARTTLS and makes --keep configurations log + less verbosely. +
It is a recommended security update for all users and distributors. Click + href="http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=18583">Click here to see the change details.

-

UTF7 in mailbox names (developer document)

-

There is a new document about - mailbox name encoding in IMAP, - an invited contribution by Mark Crispin. It applies to all IMAP - clients and servers and is not limited to fetchmail, and arose after - a discussion on the getmail mailing list. Note that as of - 2010-05-25, neither fetchmail nor getmail currently supports this - directly; for the nonce, you need to manually encode the mailbox - name in UTF-7 for both applications.

-

SSL issues after upgrade to OpenSSL 1.0.0?

If your fetchmail upgrade entails an upgrade of the OpenSSL library to 1.0.0, remember to re-run c_rehash diff --git a/website/security.html b/website/security.html index 7f823fc9..ec9df3a8 100644 --- a/website/security.html +++ b/website/security.html @@ -14,7 +14,7 @@ - +
Fetchmail2010-05-062011-06-06

@@ -45,6 +45,12 @@ some of the problems mentioned below, even if they aren't mentioned in the security announcements:
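Review bot: The clearsign header added at the top of fetchmail-SA-2011-01.txt reads "Hash: SHA1", so the advisory's authenticity rests on a SHA-1 digest. Consider re-signing with a stronger digest such as SHA-256 where the signing key allows it (gpg's --digest-algo option, or a personal-digest-preferences line in gpg.conf). Because the signature is stored inline in the tracked file, any later edit to the advisory body, even a whitespace change, invalidates it, so the commit message should say that the file has to be re-signed after every change.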
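Review bot: website/fetchmail-SA-2011-01.txt is added as a symlink (mode 120000) whose target, ../fetchmail-SA-2011-01.txt, lies outside website/. Confirm that the step publishing the site dereferences symlinks; otherwise the advisory link will dangle, or be refused by a web server configured not to follow symlinks.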
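Review bot: The new 6.3.20 news paragraph in website/index.html calls the release a "recommended security update" but names neither CVE-2011-1947 nor fetchmail-SA-2011-01, although this same commit adds website/fetchmail-SA-2011-01.txt. Link the advisory from that paragraph so readers can judge their exposure without going through the change-details link. Also, "denial-of service" is hyphenated inconsistently; "denial of service", as in the advisory title, reads better.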