From b82c3ccb65e3279996a690ebf577263d7730e0b3 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Thu, 26 Aug 2021 23:53:14 +0200 Subject: SECURITY: IMAP: PREAUTH->abort if STARTTLS needed On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext. --ssl is unaffected because it always negotiates TLS. See fetchmail-SA-2021-02.txt for details. --- NEWS | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 2add2b6a..2d51b6e7 100644 --- a/NEWS +++ b/NEWS @@ -81,6 +81,23 @@ removed from a 6.5.0 or newer release.) messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. +-------------------------------------------------------------------------------- +fetchmail-6.4.22 (not yet released): + +# SECURITY FIX: +* On IMAP connections, without --ssl and with nonempty --sslproto, meaning that + fetchmail is to enforce TLS, and when the server or an attacker sends + a PREAUTH greeting, fetchmail used to continue an unencrypted connection. + Now, log the error and abort the connection. + + Recommendation for servers that support SSL/TLS-wrapped or "implicit" mode on + a dedicated port (default 993): use --ssl. + + Reported by: Andrew C. Aitchison, based on the USENIX Security 21 paper "Why + TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email + Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian + Schinzel. The paper did not mention fetchmail. + -------------------------------------------------------------------------------- fetchmail-6.4.21 (released 2021-08-09, 30042 LoC): -- cgit v1.2.3
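Review bot: the new NEWS entry gives no pointer to the advisory that the commit message cites (fetchmail-SA-2021-02.txt); since the NEWS file is what users actually read, add a "See fetchmail-SA-2021-02.txt" line to the entry. Two smaller points on the same hunk: the entry says "nonempty --sslproto" while the commit message spells out that this includes `--sslproto auto`, so naming `auto` explicitly in NEWS would tell users running default-style configurations that they are covered; and because the fix now makes fetchmail "log the error and abort the connection", quoting the exact log message in the entry (or in the advisory) would let administrators recognize the new, intentional failure in their logs instead of treating it as a network or server problem.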