[pkg-fetchmail-maint] Bug#700266: fetchmail: --sslfingerprint uses MD5
Jakub Wilk
jwilk at debian.org
Sun Feb 10 18:03:42 UTC 2013
Package: fetchmail
Version: 6.3.22-2
Severity: important
Tags: security
The --sslfingerprint accepts only MD5 fingerprints. MD5 should be
considered cryptographically broken. Please at least add the possibility
to specify SHA-1 fingerprints.
(As a side note, the manpage says that MD5 "is the default format
OpenSSL uses", which hasn't been true since OpenSSL 0.9.8.)
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.7-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages fetchmail depends on:
ii adduser 3.113+nmu3
ii debianutils 4.3.4
ii libc6 2.17-0experimental2
ii libcomerr2 1.42.5-1
ii libgssapi-krb5-2 1.10.1+dfsg-3
ii libkrb5-3 1.10.1+dfsg-3
ii libssl1.0.0 1.0.1c-4
ii lsb-base 4.1+Debian9
--
Jakub Wilk
More information about the pkg-fetchmail-maint
mailing list