From e75ef8f8b5480be6ef8fcc84214228860bb48752 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 21 Mar 2007 09:40:59 +0000 Subject: Add CVE-2007-1558 to APOP attack. svn path=/branches/BRANCH_6-3/; revision=5064 --- NEWS | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS b/NEWS index 46f0c550..1d7c8ca7 100644 --- a/NEWS +++ b/NEWS @@ -48,6 +48,7 @@ fetchmail 6.3.8 (not yet released): * Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. + (CVE-2007-1558) APOP is claimed insecure by Gaƫtan Leurent for MITM scenarios for typical setups: based on MD5 collisions, it is purportedly possible to recover the -- cgit v1.2.3