From e37ceb2c1e57abd1224468ce4381cdc117820cd3 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sat, 1 Oct 2005 01:44:20 +0000
Subject: update.

svn path=/trunk/; revision=4358
---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index a0374d9b..6c678024 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,9 @@ fetchmail 6.3.0 (not yet released officially):
   than 128 bytes can corrupt fetchmail's stack and crash fetchmail.
   This vulnerability is remotely exploitable to inject code run in a
   root shell. This is tracked under the CVE Name: CAN-2005-2335
+* fetchmailconf now changes the output file to mode 0600 BEFORE writing to it,
+  so there is no window where passwords could be read by the world.
+  Matthias Andree.
 
 # MAJOR INCOMPATIBLE CHANGES
 * Remove support for --netsec/-T options, the required inet6_apps library is no
@@ -224,6 +227,8 @@ fetchmail 6.3.0 (not yet released officially):
   authentication failure. Found by Yves Boisjoly.  Matthias Andree
 * fetchmailconf now allows expert users to choose the authorization type and
   also offers MSN and NTLM, suggested by Yves Boisjoly. Matthias Andree
+* fetchmailconf now (as of 1.49) writes its version to the comment of the
+  saved run control file. Matthias Andree
 
 # INTERNAL CHANGES
 * Switched to automake. Matthias Andree.
-- 
cgit v1.2.3