author: Guilhem Moulin <guilhem@fripost.org> 2020-08-03 20:27:38 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2020-08-03 20:50:08 +0200
commit: 3b2939febdeb7f92051f95a3b08cf86e221ce21d
tree: 5af420e5db686b913e2f5126b5d026e5d79e3fa3 /Changelog
parent: bc43c0d9468a8d50ba141c8a965f9f07ed0456ff
libinterimap: abort on PREAUTH greeting received on plaintext connections
Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093.
Diffstat (limited to 'Changelog')
-rw-r--r-- Changelog 3
1 files changed, 3 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index c6194de..1327c00 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,9 @@ interimap (0.5.2) UNRELEASED;
and \[rq] in the groff output anyway).
- libinterimap: fix response injection vulnerability after STARTTLS.
For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
+ - libinterimap: abort on PREAUTH greeting received on plaintext
+ connections (set "STARTTLS = NO" to ignore). This is similar to
+ CVE-2020-12398 and CVE-2020-14093.
* libinterimap: fail when a capability to ENABLE is missing from the
server's CAPABILITY listing.
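Review bot: "to ignore" in the added entry (`set "STARTTLS = NO" to ignore`) does not say what is ignored or what state the connection is left in. Please spell out whether this setting means the PREAUTH greeting is accepted and the session continues in plaintext, so that a reader of the Changelog understands the opt-out gives up the protection this entry introduces. The entry also describes a behaviour change (connections that previously proceeded now abort), so it would help to state that explicitly, and to give one clause on what the abort protects against rather than relying only on the pointer to CVE-2020-12398 and CVE-2020-14093.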