From 0cfc02717e320614332a7d7217e43cf83733b7a8 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 30 May 2011 12:09:20 +0200 Subject: Add fetchmail-SA-2011-01.txt --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 80c04082..a72a03b8 100644 --- a/NEWS +++ b/NEWS @@ -65,6 +65,7 @@ fetchmail-6.3.20 (not yet released): SSL-wrapped connections were unaffected by this timeout, so users of older versions can force ssl-wrapped connections -- if supported by the server -- with the --ssl command line or ssl rcfile option. + See fetchmail-SA-2011-01.txt for further details. # BUG FIXES * Do not search for UNSEEN messages in ranges. Usually, there are very few new -- cgit v1.2.3 From e5a4131e735b5a59dbc3b4b8024e437bae84bc16 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Tue, 31 May 2011 22:39:36 +0200 Subject: Add CVE name. --- NEWS | 3 ++- fetchmail-SA-2011-01.txt | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index a72a03b8..eacede8a 100644 --- a/NEWS +++ b/NEWS @@ -59,7 +59,8 @@ removed from a 6.4.0 or newer release.) fetchmail-6.3.20 (not yet released): # SECURITY BUG FIXES -* Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout +* CVE-2011-1947: + Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout (default five minutes) now. This was reported missing, from fetchmail freezes beyond a week, by Thomas Jarosch. SSL-wrapped connections were unaffected by this timeout, so users of older diff --git a/fetchmail-SA-2011-01.txt b/fetchmail-SA-2011-01.txt index fc627f65..915b3524 100644 --- a/fetchmail-SA-2011-01.txt +++ b/fetchmail-SA-2011-01.txt @@ -9,7 +9,7 @@ Type: Unguarded blocking I/O can cause indefinite application hang Impact: Denial of service Danger: low -CVE Name: +CVE Name: CVE-2011-1947 CVSSv2: CVSS scores: This is calculated without Environmental Score. -- cgit v1.2.3
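Review bot: In the first commit's NEWS hunk (@@ -65,6 +65,7 @@), the added line refers to fetchmail-SA-2011-01.txt by bare file name, and the diffstat shown here is limited to NEWS, so this view does not confirm that the advisory file is added in the same commit as the reference to it. Please confirm the file lands together with this line, and consider saying where a reader can find it, since the workaround in this entry is aimed at users of older versions who may be reading NEWS on its own.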
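Review bot: In the second commit's NEWS hunk (@@ -59,7 +59,8 @@), the entry now leads with CVE-2011-1947 but still describes only the fix and not the impact; someone scanning the SECURITY BUG FIXES list cannot tell from it that the issue is a denial of service. The advisory header touched in this same commit already says "Unguarded blocking I/O can cause indefinite application hang" and "Impact: Denial of service", so a short clause to that effect would fit here. The wording "runs the ... negotiation with the set timeout (default five minutes) now" would also read more clearly as "now runs the ... negotiation under the configured timeout (default five minutes)".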
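Review bot: In the fetchmail-SA-2011-01.txt hunk (@@ -9,7 +9,7 @@), the CVE Name field is filled in but the CVSSv2 field on the next context line appears to carry no value, while the line after it ("CVSS scores: This is calculated without Environmental Score.") implies a score was meant to be given. Since the advisory rates the issue as "Danger: low", please add the CVSSv2 vector or score that supports that rating before this goes out, or drop the empty field.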