aboutsummaryrefslogtreecommitdiffstats
path: root/Changelog
diff options
context:
space:
mode:
Diffstat (limited to 'Changelog')
-rw-r--r--Changelog3
1 files changed, 3 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index c6194de..1327c00 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,9 @@ interimap (0.5.2) UNRELEASED;
and \[rq] in the groff output anyway).
- libinterimap: fix response injection vulnerability after STARTTLS.
For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
+ - libinterimap: abort on PREAUTH greeting received on plaintext
+ connections (set "STARTTLS = NO" to ignore). This is similar to
+ CVE-2020-12398 and CVE-2020-14093.
* libinterimap: fail when a capability to ENABLE is missing from the
server's CAPABILITY listing.