On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
> This is an important security release fixing a possible
> machine-in-the-middle response injection attack when using STARTTLS with
> IMAP, POP3, and SMTP. (For packagers, I've requested a CVE and will update
> the website when I have the num
On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
+/* L10N:
+ The server is not supposed to send data immediately after
+ confirming STARTTLS. This warns the user that something
+ weird is going on.
+
On 19Jun2020 07:11, Kevin J. McCarthy wrote:
>On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
>>On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
>>+/* L10N:
>>+ The server is not supposed to send data immediately after
>>+ confirming STARTTLS. This warns the
On 2020-06-20 08:48:04 +1000, Cameron Simpson wrote:
> On 19Jun2020 07:11, Kevin J. McCarthy wrote:
> >On Fri, Jun 19, 2020 at 09:48:32AM +0200, Vincent Lefevre wrote:
> >>On 2020-06-18 18:14:15 -0700, Kevin J. McCarthy wrote:
> >>+/* L10N:
> >>+ The server is not supposed to send data i
