From d45228ce3f2b591beb4fd5fb571439de0ea81793 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 27 Nov 2006 03:03:24 +0000 Subject: Update. svn path=/branches/BRANCH_6-3/; revision=4972 --- fetchmail-SA-2006-02.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt index 94be6cf2..3d7f2387 100644 --- a/fetchmail-SA-2006-02.txt +++ b/fetchmail-SA-2006-02.txt @@ -3,7 +3,7 @@ fetchmail-SA-2006-02: TLS enforcement problem/MITM attack/password exposure Topics: fetchmail cannot enforce TLS Author: Matthias Andree -Version: 1.0 +Version: XXX Announced: 2006-11-XX Type: secret information disclosure Impact: fetchmail can expose cleartext password over unsecure link @@ -28,6 +28,7 @@ Corrected: 2006-11-26 fetchmail 6.3.6-rc4 2006-11-16 v0.01 internal review draft 2006-11-26 v0.02 revise failure cases, workaround, add acknowledgments +2006-11-27 v0.03 add more vulnerabilities 1. Background @@ -45,7 +46,7 @@ control) files for fetchmail. 2. Problem description and Impact ================================= -Fetchmail has has several nasty password disclosure vulnerabilities for +Fetchmail has had several nasty password disclosure vulnerabilities for a long time. It was only recently that these have been found. V1. sslcertck/sslfingerprint options should have implied "sslproto tls1" -- cgit v1.2.3
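Review bot: In the header hunk (@@ -3,7 +3,7 @@), "Version: XXX" replaces a concrete value with a placeholder while the revision history in the same file numbers its drafts v0.01 through v0.03. Set the header to the draft number that matches the changelog entry added in this commit (0.03), or make sure both "Version: XXX" and "Announced: 2006-11-XX" are filled in before the advisory leaves the branch, so no published copy carries placeholders. The context line "over unsecure link" would also read better as "over an insecure link".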
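Review bot: In the revision-history hunk (@@ -28,6 +28,7 @@), the new entry "2006-11-27 v0.03 add more vulnerabilities" does not match what this patch contains: the diffstat shows 3 insertions and 2 deletions, and none of them adds a vulnerability description. Either commit the new V-items together with this entry, or reword the entry to describe this revision (version placeholder, grammar fix). If the vulnerabilities landed in a separate commit, name the items added (for example by their V-number) so a reader comparing drafts can find them. The commit subject "Update." has the same problem and should say what changed.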
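Review bot: In the section 2 hunk (@@ -45,7 +46,7 @@), the grammar fix to "has had" is correct, but the sentence still tells the reader nothing they can act on: "for a long time" should be replaced by the affected version range, which is what someone deciding whether to upgrade needs from the problem description. "nasty" is also informal for an advisory; "several password disclosure vulnerabilities" says the same thing.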