Fix mimedecode last-line omission.

[~andy/fetchmail] / fetchmail-SA-2005-02.txt

diff --git a/fetchmail-SA-2005-02.txt b/fetchmail-SA-2005-02.txt
index 68131d638e24dfde60252bab683a3672ba838b6a..f2400a39aa1882479bde5ad565fc7f3a0408d396 100644 (file)
--- a/fetchmail-SA-2005-02.txt
+++ b/fetchmail-SA-2005-02.txt
@@ -1,16 +1,19 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 fetchmail-SA-2005-02: security announcement
 
 Topic:         password exposure in fetchmailconf
 
 Author:                Matthias Andree
-Version:       1.01
+Version:       1.03
 Announced:     2005-10-21
 Type:          insecure creation of file
 Impact:                passwords are written to a world-readable file
 Danger:                medium
 Credits:       Thomas Wolff, Miloslav Trmac for pointing out
                that fetchmailconf 1.43.1 was also flawed
-CVE Name:      CAN-2005-3088
+CVE Name:      CVE-2005-3088
 URL:           http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
 
 Affects:       fetchmail version 6.2.5.2
@@ -20,21 +23,25 @@ Affects:    fetchmail version 6.2.5.2
                fetchmailconf 1.43.1 (shipped separately, now withdrawn)
                (other versions have not been checked but are presumed affected)
 
-Not affected:  fetchmail 6.2.9-rc6
-               fetchmailconf 1.43.2 (use this for fetchmail-6.2.5.2)
-               fetchmailconf 1.49   (shipped with 6.2.9-rc6)
-               fetchmail 6.3.0      (not released yet)
+Not affected:  fetchmailconf 1.43.2 (use this for fetchmail-6.2.5.2)
+               fetchmail 6.2.5.4
+               fetchmail 6.3.0
 
 Corrected:     2005-09-28 01:14 UTC (SVN) - committed bugfix (r4351)
                2005-10-21                 - released fetchmailconf-1.43.2
-               2005-10-21                 - released fetchmail 6.2.9-rc6
+               2005-11-13                 - released fetchmail 6.2.5.4
+               2005-11-30                 - released fetchmail 6.3.0
 
 0. Release history
 ==================
 
-2005-10-21     1.00 (shipped with -rc6)
-2005-10-21     1.01 (marked 1.43.1 vulnerable, revised section 4,
-                     added Credits)
+2005-10-21     1.00 - initial version (shipped with -rc6)
+2005-10-21     1.01 - marked 1.43.1 vulnerable
+                    - revised section 4
+                    - added Credits
+2005-10-27     1.02 - reformatted section 0
+                    - updated CVE Name to new naming scheme
+2005-12-08     1.03 - update version information and solution
 
 1. Background
 =============
@@ -65,16 +72,9 @@ fetchmailconf has finished, you can restore your old umask.
 4. Solution
 ===========
 
-For users of fetchmail-6.2.5.2:
--------------------------------
-Download fetchmailconf-1.43.2.gz from fetchmail's project site
-<http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=6617>,
-gunzip it, then replace your existing fetchmailconf with it.
-
-For users of fetchmail-6.2.6* or 6.2.9* before 6.2.9-rc6:
----------------------------------------------------------
-update to the latest fetchmail-devel package, 6.2.9-rc6 on 2005-10-21.
-<https://developer.berlios.de/project/showfiles.php?group_id=1824>
+Download and install fetchmail 6.3.0 or a newer stable release from
+fetchmail's project site at
+<http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=6617>.
 
 A. References
 =============
@@ -97,3 +97,10 @@ THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
 Use the information herein at your own risk.
 
 END OF fetchmail-SA-2005-02.txt
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+
+iD8DBQFIV7WWvmGDOQUufZURAlq/AKCx+EnXjnakBVkUjtdIh+moYOgIqACdERnd
+TR05jtCG4JEb6iHz8AVcfOc=
+=vL+b
+-----END PGP SIGNATURE-----