"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "ChangeLog" between
mutt-2.0.1.tar.gz and mutt-2.0.2.tar.gz

About: mutt is a small but powerful text-based mail client.

ChangeLog  (mutt-2.0.1):ChangeLog  (mutt-2.0.2)
2020-11-20 09:20:01 -0800 Kevin McCarthy <kevin@8t8.us> (e4fd9247)
* Update UPDATING file for 2.0.2.
2020-11-16 10:20:21 -0800 Kevin McCarthy <kevin@8t8.us> (04b06aaa)
* Ensure IMAP connection is closed after a connection error.
During connection, if the server provided an illegal initial response,
Mutt "bailed", but did not actually close the connection. The calling
code unfortunately relied on the connection status to decide to
continue with authentication, instead of checking the "bail" return
This could result in authentication credentials being sent over an
unencrypted connection, without $ssl_force_tls being consulted.
Fix this by strictly closing the connection on any invalid response
during connection. The fix is intentionally small, to ease
backporting. A better fix would include removing the 'err_close_conn'
label, and perhaps adding return value checking in the caller (though
this change obviates the need for that).
This addresses CVE-2020-28896. Thanks to Gabriel Salles-Loustau for
reporting the problem, and providing test cases to reproduce.
M imap/imap.c
2020-11-19 15:06:51 -0800 Keld Simonsen <keld@keldix.com> (d4c97068)
* Updated Danish translation.
M po/da.po
2020-11-14 13:16:03 -0800 Kevin McCarthy <kevin@8t8.us> (42e08237)
* automatic post-release commit for mutt-2.0.1
M ChangeLog
2020-11-14 13:10:45 -0800 Kevin McCarthy <kevin@8t8.us> (78fe7d4e) 2020-11-14 13:10:45 -0800 Kevin McCarthy <kevin@8t8.us> (78fe7d4e)
* Update UPDATING file for 2.0.1. * Update UPDATING file for 2.0.1.
2020-11-12 09:42:28 -0800 Kevin McCarthy <kevin@8t8.us> (894a49f6) 2020-11-12 09:42:28 -0800 Kevin McCarthy <kevin@8t8.us> (894a49f6)
* Clarify pattern completion uses <complete>. * Clarify pattern completion uses <complete>.
 End of changes. 1 change blocks. 
0 lines changed or deleted 43 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)