From 62acd57d67fff935e1c8a1796853e911869ee9f8 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Tue, 4 Aug 2009 09:27:10 +0000 Subject: Abort verification if Subject CommonName/AltName contains NUL. svn path=/branches/BRANCH_6-3/; revision=5389 --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index edab25a3..701339a2 100644 --- a/NEWS +++ b/NEWS @@ -51,6 +51,11 @@ removed from a 6.4.0 or newer release.) fetchmail 6.3.11 (released XXXX-XX-XX - i. e. not yet): +# SECURITY BUGFIXES +* Fetchmail checks the Subject CommonName and Subject AltName X.509 certificate + fields for embedded NUL characters and aborts certificate verification to + counter recent SSL certificate verification attacks. Untested. + # BUGFIXES * Remove the spurious message "message delimiter found while scanning headers". RFC-5322 syntax states that the delimiter is part of the body, and the body is -- cgit v1.2.3
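Review bot: The new entry under "# SECURITY BUGFIXES" in NEWS says fetchmail "aborts certificate verification", which does not tell a reader whether the certificate is then rejected or the check is simply skipped. For a fix about embedded NUL characters in Subject CommonName and Subject AltName, the release note should state the resulting behaviour explicitly, for example that a certificate with a NUL in either field is treated as failing verification. The trailing "Untested." also sits inside the user-facing security entry. Either test the check before 6.3.11 is released and drop the word, or say what exactly has not been tested so that users can judge how far to rely on it. Finally, "recent SSL certificate verification attacks" is vague. Naming the attack class (a NUL byte truncating the name that gets compared against the host name) or citing an advisory would let administrators match this entry to what they are tracking.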