From a2071dd3b863de1a2688b1dad4aa4121eab1ac4d Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Thu, 4 Jan 2007 20:32:27 +0000 Subject: r5009@balu: mandree | 2007-01-04 00:25:10 +0100 Update. svn path=/branches/BRANCH_6-3/; revision=5006 --- fetchmail-SA-2006-02.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'fetchmail-SA-2006-02.txt') diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt index 05a9a8f0..dd24e497 100644 --- a/fetchmail-SA-2006-02.txt +++ b/fetchmail-SA-2006-02.txt @@ -3,8 +3,8 @@ fetchmail-SA-2006-02: TLS enforcement problem/MITM attack/password exposure Topics: fetchmail cannot enforce TLS Author: Matthias Andree -Version: XXX -Announced: 2006-11-XX +Version: 1.0 +Announced: 2007-01-04 Type: secret information disclosure Impact: fetchmail can expose cleartext password over unsecure link fetchmail may not detect man in the middle attacks @@ -17,7 +17,7 @@ Project URL: http://fetchmail.berlios.de/ Affects: fetchmail releases <= 6.3.5 fetchmail release candidates 6.3.6-rc1, -rc2, -rc3 -Not affected: fetchmail release candidate 6.3.6-rc4 +Not affected: fetchmail release candidates 6.3.6-rc4, -rc5 fetchmail release 6.3.6 Corrected: 2006-11-26 fetchmail 6.3.6-rc4 @@ -29,6 +29,7 @@ Corrected: 2006-11-26 fetchmail 6.3.6-rc4 2006-11-16 v0.01 internal review draft 2006-11-26 v0.02 revise failure cases, workaround, add acknowledgments 2006-11-27 v0.03 add more vulnerabilities +2006-01-04 v1.0 ready for release 1. Background @@ -101,7 +102,7 @@ them right. A. Copyright, License and Warranty ================================== -(C) Copyright 2006 by Matthias Andree, . +(C) Copyright 2007 by Matthias Andree, . Some rights reserved. This work is licensed under the Creative Commons -- cgit v1.2.3