From 821d0ea7b5c3802952ee99ca98dbe379908b2649 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Aug 2020 14:52:42 +0200 Subject: Makefile: remove 'smart' extension from pandoc call to generate manuals. --- Changelog | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 43648d0..5658eed 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,11 @@ +interimap (0.5.2) UNRELEASED; + + - Makefile: remove 'smart' extension from pandoc call to generate + manuals (it's no longer supported by pandoc 2.9 which generates \[lq] + and \[rq] in the groff output anyway). + + -- Guilhem Moulin Mon, 03 Aug 2020 14:51:23 +0200 + interimap (0.5.1) upstream; + pullimap: also compare RFC 5322 date and envelope information in -- cgit v1.2.3 From 845d43fcc08089e87cd8cdf776ebc2345fd4e1ff Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Aug 2020 18:24:30 +0200 Subject: libinterimap: fail when a capability to ENABLE is missing from the server's CAPABILITY listing. --- Changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 5658eed..9aba7cd 100644 --- a/Changelog +++ b/Changelog @@ -3,6 +3,8 @@ interimap (0.5.2) UNRELEASED; - Makefile: remove 'smart' extension from pandoc call to generate manuals (it's no longer supported by pandoc 2.9 which generates \[lq] and \[rq] in the groff output anyway). + * libinterimap: fail when a capability to ENABLE is missing from the + server's CAPABILITY listing. -- Guilhem Moulin Mon, 03 Aug 2020 14:51:23 +0200 -- cgit v1.2.3 From bc43c0d9468a8d50ba141c8a965f9f07ed0456ff Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Aug 2020 19:20:05 +0200 Subject: libinterimap: Fix response injection vulnerability after STARTTLS. For background see https://gitlab.com/muttmua/mutt/-/issues/248 . --- Changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 9aba7cd..c6194de 100644 --- a/Changelog +++ b/Changelog @@ -3,6 +3,8 @@ interimap (0.5.2) UNRELEASED; - Makefile: remove 'smart' extension from pandoc call to generate manuals (it's no longer supported by pandoc 2.9 which generates \[lq] and \[rq] in the groff output anyway). + - libinterimap: fix response injection vulnerability after STARTTLS. + For background see https://gitlab.com/muttmua/mutt/-/issues/248 . * libinterimap: fail when a capability to ENABLE is missing from the server's CAPABILITY listing. -- cgit v1.2.3 From 3b2939febdeb7f92051f95a3b08cf86e221ce21d Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Aug 2020 20:27:38 +0200 Subject: libinterimap: abort on PREAUTH greeting received on plaintext connections Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093. --- Changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index c6194de..1327c00 100644 --- a/Changelog +++ b/Changelog @@ -5,6 +5,9 @@ interimap (0.5.2) UNRELEASED; and \[rq] in the groff output anyway). - libinterimap: fix response injection vulnerability after STARTTLS. For background see https://gitlab.com/muttmua/mutt/-/issues/248 . + - libinterimap: abort on PREAUTH greeting received on plaintext + connections (set "STARTTLS = NO" to ignore). This is similar to + CVE-2020-12398 and CVE-2020-14093. * libinterimap: fail when a capability to ENABLE is missing from the server's CAPABILITY listing. -- cgit v1.2.3 From fe5501d4bb4c7c6365ceb009ea715356cca27a50 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Aug 2020 20:51:01 +0200 Subject: Prepare new release. --- Changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Changelog') diff --git a/Changelog b/Changelog index 1327c00..6ee44fc 100644 --- a/Changelog +++ b/Changelog @@ -1,4 +1,4 @@ -interimap (0.5.2) UNRELEASED; +interimap (0.5.2) upstream; - Makefile: remove 'smart' extension from pandoc call to generate manuals (it's no longer supported by pandoc 2.9 which generates \[lq] @@ -11,7 +11,7 @@ interimap (0.5.2) UNRELEASED; * libinterimap: fail when a capability to ENABLE is missing from the server's CAPABILITY listing. - -- Guilhem Moulin Mon, 03 Aug 2020 14:51:23 +0200 + -- Guilhem Moulin Mon, 03 Aug 2020 20:50:41 +0200 interimap (0.5.1) upstream; -- cgit v1.2.3