From f1c7607615ebd48807db6170937fe79bb89d47d4 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Thu, 4 Feb 2010 09:50:53 +0000 Subject: Security fix for sdump() (X.509 cert display in verbose mode). svn path=/branches/BRANCH_6-3/; revision=5467 --- NEWS | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 4f057990..91535bd5 100644 --- a/NEWS +++ b/NEWS @@ -49,6 +49,12 @@ removed from a 6.4.0 or newer release.) fetchmail 6.3.14 (not yet released): +# SECURITY FIXES +* SSL/TLS certificate information is now also reported properly on computers + that consider the "char" type signed. Fixes malloc() buffer overrun. + Workaround for older versions: do not use verbose mode. + See fetchmail-SA-2010-01.txt for details, including a minimal patch. + # BUG FIXES * The IMAP client no longer skips messages from several IMAP servers including Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a) -- cgit v1.2.3
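Review bot: In the added SECURITY FIXES entry, the security impact ("Fixes malloc() buffer overrun.") comes second, after a sentence that reads like a display fix. Consider leading with the overrun and stating its trigger conditions together (verbose mode, platforms where "char" is signed), so that readers skimming NEWS see the impact first. The workaround line says "older versions" without a range; naming the affected releases, or noting that fetchmail-SA-2010-01.txt lists them, would make the entry usable on its own. The subject names sdump() but the entry does not, and mentioning the function would help anyone matching the entry to the code. This view is limited to NEWS, so the sdump() change itself cannot be checked here.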