From f9fd0db683f22c7c1c0d6a14e2d5ad463833d407 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Wed, 29 Nov 2006 22:07:50 +0000
Subject: Detail on missed CAPA probes.

svn path=/branches/BRANCH_6-3/; revision=4979
---
 fetchmail-SA-2006-02.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'fetchmail-SA-2006-02.txt')

diff --git a/fetchmail-SA-2006-02.txt b/fetchmail-SA-2006-02.txt
index 1704512f..05a9a8f0 100644
--- a/fetchmail-SA-2006-02.txt
+++ b/fetchmail-SA-2006-02.txt
@@ -60,7 +60,8 @@ V3. POP3 fetches could completely ignore all TLS options whether
     available or not because it didn't reliably issue CAPA before
     checking for STLS support - but CAPA is a requisite for STLS.
     Whether or not CAPAbilities were probed, depended on the "auth"
-    option.
+    option. (Fetchmail only tried CAPA if the auth option was not set at
+    all, was set to gssapi, kerberos, kerberos_v4, otp, or cram-md5.)
 
 V4. POP3 could fall back to using plain text passwords, even if strong
     authentication had been configured.
-- 
cgit v1.2.3