diff options
Diffstat (limited to 'Changelog')
| -rw-r--r-- | Changelog | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -5,6 +5,9 @@ interimap (0.5.2) UNRELEASED; and \[rq] in the groff output anyway). - libinterimap: fix response injection vulnerability after STARTTLS. For background see https://gitlab.com/muttmua/mutt/-/issues/248 . + - libinterimap: abort on PREAUTH greeting received on plaintext + connections (set "STARTTLS = NO" to ignore). This is similar to + CVE-2020-12398 and CVE-2020-14093. * libinterimap: fail when a capability to ENABLE is missing from the server's CAPABILITY listing. |