Branches for Edgy

Author: Martin Pitt
Revision Date: 2006-10-23 11:22:25 UTC

Add debian/patches/03.fix-ja.po.dpatch: Japanese does not have any plural
forms; remove the useless msgstr[1] from Japanese translation so that
msgfmt does not abort with a fatal error. Fixes FTBFS.

Author: Jamie Strandboge
Revision Date: 2007-09-25 10:29:49 UTC

* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
  send certain warning messages
* added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
  attackers may be able to acquire a portion of a user's authentication
  credentials using man-in-the-middle techniques.
* added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's
  limitations as well as updating pop3.c to more strictly validate the
  presented challenge for RFC-822 conformity. This change to pop3.c does
  not fix the APOP design flaw, but does make attacks against APOP somewhat
  more difficult.
* References
  CVE-2007-4565
  CVE-2007-1558

Author: Jamie Strandboge
Revision Date: 2007-09-25 10:29:49 UTC

* SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
  send certain warning messages
* added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
* SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
  attackers may be able to acquire a portion of a user's authentication
  credentials using man-in-the-middle techniques.
* added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's
  limitations as well as updating pop3.c to more strictly validate the
  presented challenge for RFC-822 conformity. This change to pop3.c does
  not fix the APOP design flaw, but does make attacks against APOP somewhat
  more difficult.
* References
  CVE-2007-4565
  CVE-2007-1558