From bc43c0d9468a8d50ba141c8a965f9f07ed0456ff Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 3 Aug 2020 19:20:05 +0200
Subject: libinterimap: Fix response injection vulnerability after STARTTLS.

For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
---
 tests/list | 1 +
 1 file changed, 1 insertion(+)

(limited to 'tests/list')

diff --git a/tests/list b/tests/list
index 402ec51..5522ba8 100644
--- a/tests/list
+++ b/tests/list
@@ -46,6 +46,7 @@ split-set   Split large sets to avoid extra-long command lines
 . SSL/TLS
     starttls-logindisabled  LOGINDISABLED STARTTLS
     starttls                STARTTLS
+    starttls-injection      STARTTLS response injection
     tls                     SSL/TLS handshake
     ... tls-verify-peer
     tls-pin-fingerprint     pubkey fingerprint pinning
-- 
cgit v1.2.3


From 3b2939febdeb7f92051f95a3b08cf86e221ce21d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 3 Aug 2020 20:27:38 +0200
Subject: libinterimap: abort on PREAUTH greeting received on plaintext
 connections

Set "STARTTLS = NO" to ignore.  This is similar to CVE-2020-12398 and
CVE-2020-14093.
---
 tests/list | 1 +
 1 file changed, 1 insertion(+)

(limited to 'tests/list')

diff --git a/tests/list b/tests/list
index 5522ba8..db77f50 100644
--- a/tests/list
+++ b/tests/list
@@ -38,6 +38,7 @@ repair  --repair
     auth-login              LOGIN
     auth-logindisabled      LOGINDISABLED
     auth-noplaintext        abort when STARTTLS is not offered
+    preauth-plaintext       abort on MiTM via PREAUTH greeting
 
 compress    COMPRESS=DEFLATE
 condstore   CONDSTORE
-- 
cgit v1.2.3