On Sat, Jun 20, 2020 at 01:39:21AM +0200, Vincent Lefevre wrote:
On 2020-06-20 08:48:04 +1000, Cameron Simpson wrote:
On 19Jun2020 07:11, Kevin J. McCarthy wrote:
Would it make more sense to just say
"Warning: clearing unexpected buffered data after STARTTLS"?
"Warning: after STARTTLS: clear
On 2020-06-20 09:39:04 +0200, Petr Pisar wrote:
> On Sat, Jun 20, 2020 at 01:39:21AM +0200, Vincent Lefevre wrote:
> > On 2020-06-20 08:48:04 +1000, Cameron Simpson wrote:
> > > On 19Jun2020 07:11, Kevin J. McCarthy wrote:
> > > >On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
> >
On Sat, Jun 20, 2020 at 01:39:21AM +0200, Vincent Lefevre wrote:
> On 2020-06-20 08:48:04 +1000, Cameron Simpson wrote:
> > On 19Jun2020 07:11, Kevin J. McCarthy wrote:
> > >On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
> > >>On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote
On 2020-06-20 08:48:04 +1000, Cameron Simpson wrote:
> On 19Jun2020 07:11, Kevin J. McCarthy wrote:
> >On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
> >>On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
> >>+/* L10N:
> >>+ The server is not supposed to send data i
On 19Jun2020 07:11, Kevin J. McCarthy wrote:
>On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
>>On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
>>+/* L10N:
>>+ The server is not supposed to send data immediately after
>>+ confirming STARTTLS. This warns the
On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
+/* L10N:
+ The server is not supposed to send data immediately after
+ confirming STARTTLS. This warns the user that something
+ weird is going on.
+
On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
> This is an important security release fixing a possible
> machine-in-the-middle response injection attack when using STARTTLS with
> IMAP, POP3, and SMTP. (For packagers, I've requested a CVE and will update
> the website when I have the num
