From 3b2939febdeb7f92051f95a3b08cf86e221ce21d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 3 Aug 2020 20:27:38 +0200
Subject: libinterimap: abort on PREAUTH greeting received on plaintext
 connections

Set "STARTTLS = NO" to ignore.  This is similar to CVE-2020-12398 and
CVE-2020-14093.
---
 Changelog | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index c6194de..1327c00 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,9 @@ interimap (0.5.2) UNRELEASED;
    and \[rq] in the groff output anyway).
  - libinterimap: fix response injection vulnerability after STARTTLS.
    For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
+ - libinterimap: abort on PREAUTH greeting received on plaintext
+   connections (set "STARTTLS = NO" to ignore).  This is similar to
+   CVE-2020-12398 and CVE-2020-14093.
  * libinterimap: fail when a capability to ENABLE is missing from the
    server's CAPABILITY listing.
 
-- 
cgit v1.2.3