-fetchmail-SA-2012-01: Denial of service possible in STARTTLS mode
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
-Topics: fetchmail denial of service in STARTTLS protocol phases
+fetchmail-SA-2012-01: Information disclosure under active attack
+
+Topics: Information disclosure under active attack with block ciphers
Author: Matthias Andree
-Version: draft
-Announced: 2012-04-06
+Version: 1.0
+Announced: 2012-08-29
Type: information disclosure under active attack
Impact: chosen plaintext attack theoretically possible
Danger: low
Corrected in: 2012-04-06 Git, among others, see commit
4af941d4a4318ba3149316aaa7ffaf24bb959e93
- 2012-04-06 fetchmail 6.3.22 release tarball
+ 2012-08-29 fetchmail 6.3.22 release tarball
0. Release history
==================
-2012-04-06 1.0 release
+2012-08-29 1.0 release
1. Background
(C) Copyright 2012 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.
-This work is licensed under the Creative Commons Attribution-NoDerivs
-3.0 Germany License (CC BY-ND 3.0).
+This work is licensed under the
+Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0).
To view a copy of this license, visit
http://creativecommons.org/licenses/by-nd/3.0/de/deed.en
or send a letter to:
-Creative Commons, 444 Castro Street, Suite 900,
-Mountain View, California, 94041, USA.
+
+Creative Commons
+444 Castro Street
+Suite 900
+MOUNTAIN VIEW, CALIFORNIA 94041
+USA
+
THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.
END of fetchmail-SA-2012-01
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEUEARECAAYFAlA+h6EACgkQvmGDOQUufZVxcQCWJ4Oza6u2OtWZErSf415uBneQ
+0gCfbaE1JSkrd0uXzwWDMAbBnSqY9lY=
+=2BVL
+-----END PGP SIGNATURE-----