--------------------------------------------------------------------------------
-fetchmail-6.3.20 (not yet released):
+fetchmail-6.3.20 (not yet released, 26005 LoC):
# SECURITY BUG FIXES
- * STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
+ * CVE-2011-1947:
- Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout
- (default five minutes) now. This was reported missing, from fetchmail freezes
- beyond a week, by Thomas Jarosch.
++ STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
+ set timeout (default five minutes) now. This was reported missing, with
+ observed fetchmail freezes beyond a week, by Thomas Jarosch.
SSL-wrapped connections were unaffected by this timeout, so users of older
versions can force ssl-wrapped connections -- if supported by the server --
with the --ssl command line or ssl rcfile option.