libinterimap: abort on PREAUTH greeting received on plaintext connections

Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093.
author: Guilhem Moulin <guilhem@fripost.org> 2020-08-03 20:27:38 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2020-08-03 20:50:08 +0200
commit: 3b2939febdeb7f92051f95a3b08cf86e221ce21d (patch)
tree: 5af420e5db686b913e2f5126b5d026e5d79e3fa3 /Changelog
parent: bc43c0d9468a8d50ba141c8a965f9f07ed0456ff (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index c6194de..1327c00 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,9 @@ interimap (0.5.2) UNRELEASED;
    and \[rq] in the groff output anyway).
  - libinterimap: fix response injection vulnerability after STARTTLS.
    For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
+ - libinterimap: abort on PREAUTH greeting received on plaintext
+   connections (set "STARTTLS = NO" to ignore).  This is similar to
+   CVE-2020-12398 and CVE-2020-14093.
  * libinterimap: fail when a capability to ENABLE is missing from the
    server's CAPABILITY listing.
author	Guilhem Moulin <guilhem@fripost.org>	2020-08-03 20:27:38 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2020-08-03 20:50:08 +0200
commit	3b2939febdeb7f92051f95a3b08cf86e221ce21d (patch)
tree	5af420e5db686b913e2f5126b5d026e5d79e3fa3 /Changelog
parent	bc43c0d9468a8d50ba141c8a965f9f07ed0456ff (diff)