From a7049af9fd07e76cb24382a7b9515689425ed4c8 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sun, 18 Mar 2007 01:47:36 +0000
Subject: Add pointer and reference on APOP attack.

svn path=/branches/BRANCH_6-3/; revision=5058
---
 NEWS | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 4cc6f944..46f0c550 100644
--- a/NEWS
+++ b/NEWS
@@ -55,6 +55,13 @@ fetchmail 6.3.8 (not yet released):
   recovery of the shared secret a matter of hours or minutes; this would then
   enable the attacker to impersonate the client vis-à-vis the server.
 
+  For further details, check
+  * Gaëtan Leurent, "Message Freedom in MD4 and MD5 Collisions: Application
+  to APOP", Fast Software Encryption 2007, Luxembourg. (Proceedings to appear in
+  Springer's Lecture Notes on Computer Science.)
+  * The mailing list discussion thread at
+  <http://lists.berlios.de/pipermail/fetchmail-devel/2007-March/000887.html>
+
 # BUG FIXES:
 * Fix pluralization of oversized-message warning mails.
 * Fix manual page: --sslcheck -> --sslcertck, and do not set trailing 
-- 
cgit v1.2.3