[pkg-fetchmail-maint] Bug#569207: Bug#569207: fetchmail: NEWS.Debian is not a changelog
Nico Golde
nion at debian.org
Thu Feb 11 21:35:41 UTC 2010
Hey,
* Frank Küster <frank at debian.org> [2010-02-10 20:37]:
> The latest upgrade presented this as its NEWS.Debian:
>
> fetchmail (6.3.13-1) unstable; urgency=low
>
> This includes all changes since 6.3.6
> Fix KPOP regression.
> Fix manual page: --sslcheck -> --sslcertck
> Make the APOP challenge parser more distrustful to prevent MiM attacks.
> Add sslcommonname option as a way to work around misconfigured upstream SSL servers.
> Fixed CVE-2007-4565: Denial of service.
> Fixed CVE-2008-2711: Denial of service.
> When expunging, mark the right messages as seen to avoid message loss in "keep flush" configurations.
> SSL fix: close memory leak when SSL connection fails.
> Make the comparison of the SSL fingerprints case insensitive, to ease its use.
> The sleeping at/awakened at messages appear in logfiles and syslog only if verbose mode is enabled.
> fetchmail only requests IPv6 addresses via name service if at least one is configured on the local host, likewise for IPv4.
> If the server name contains "yahoo.com", offers the "ID" capability, and we're polling via IMAP, send an ID ("guid" "1") transaction first, ignoring its result.
> Fetchmail no longer drops permanently undelivered messages by default, to match historic documentation.
> There is a new "softbounce" global option that prevents the deletion of messages that have not been forwarded. It defaults to "true" for fetchmail 6.3.X in order to match historic documentation.
> Fixed CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a part of a X.509 certificate's CommonName and subjectAltName fields.
>
> -- Hector Garcia <hector at debian.org> Mon, 2 Feb 2010 23:24:29 +0100
>
> This is not a suitable NEWS entry, neither in terms of content nor
> proper form. See the explanation at
Yep good point. I'll remove it on the next upload/change it so it notes the
introduction of the new softbounce option.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20100211/567f7a65/attachment.pgp>
More information about the pkg-fetchmail-maint
mailing list