[pkg-fetchmail-maint] Bug#569207: Bug#569207: fetchmail: NEWS.Debian is not a changelog

Nico Golde nion at debian.org
Thu Feb 11 21:35:41 UTC 2010 

Hey,
* Frank Küster <frank at debian.org> [2010-02-10 20:37]:
> The latest upgrade presented this as its NEWS.Debian:
> 
> fetchmail (6.3.13-1) unstable; urgency=low
> 
>    This includes all changes since 6.3.6
>    Fix KPOP regression.
>    Fix manual page: --sslcheck -> --sslcertck
>    Make the APOP challenge parser more distrustful to prevent MiM attacks.
>    Add sslcommonname option as a way to work around misconfigured upstream SSL servers.
>    Fixed CVE-2007-4565: Denial of service.
>    Fixed CVE-2008-2711: Denial of service.
>    When expunging, mark the right messages as seen to avoid message loss in "keep flush" configurations.
>    SSL fix: close memory leak when SSL connection fails.
>    Make the comparison of the SSL fingerprints case insensitive, to ease its use.
>    The sleeping at/awakened at messages appear in logfiles and syslog only if verbose mode is enabled.
>    fetchmail only requests IPv6 addresses via name service if at least one is configured on the local host, likewise for IPv4.
>    If the server name contains "yahoo.com", offers the "ID" capability, and we're polling via IMAP, send an ID ("guid" "1") transaction first, ignoring its result.
>    Fetchmail no longer drops permanently undelivered messages by default, to match historic documentation.
>    There is a new "softbounce" global option that prevents the deletion of messages that have not been forwarded. It defaults to "true" for fetchmail 6.3.X in order to match historic documentation.
>    Fixed CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a part of a X.509 certificate's CommonName and subjectAltName fields.
> 
>  -- Hector Garcia <hector at debian.org>  Mon, 2 Feb 2010 23:24:29 +0100
> 
> This is not a suitable NEWS entry, neither in terms of content nor
> proper form.  See the explanation at

Yep good point. I'll remove it on the next upload/change it so it notes the 
introduction of the new softbounce option.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20100211/567f7a65/attachment.pgp>

More information about the pkg-fetchmail-maint mailing list