Hello community, here is the log from the commit of package getmail for openSUSE:Factory checked in at 2014-10-09 12:52:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/getmail (Old) and /work/SRC/openSUSE:Factory/.getmail.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "getmail" Changes: -------- --- /work/SRC/openSUSE:Factory/getmail/getmail.changes 2013-10-01 08:12:17.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.getmail.new/getmail.changes 2014-10-09 12:52:52.000000000 +0200 @@ -1,0 +2,25 @@ +Wed Oct 8 22:32:15 UTC 2014 - [email protected] + +- getmail 4.46.0 [bnc#900217] + This release fixes several similar vulnerabilities that could + allow a man-in-the-middle attacker to read encrypted traffic due + to pack of certificate verification against the hostname. + * fix --idle checking Python version incorrectly, resulting in + incorrect warning about running with Python < 2.5 + * add missing support for SSL certificate checking in POP3 which + broke POP retrieval in v4.45.0 + [CVE-2014-7275] +- includes changes from 4.45.0: + * perform hostname-vs-certificate matching of SSL certificate if + validating the certifcate + [CVE-2014-7274] + * fix missing plaintext versions of documentation +- includes changes from 4.44.0: + * add extended SSL options for IMAP retrievers, allowing + certificate verification and other features + [CVE-2014-7273] + * fix missing plaintext versions of documentation + * fix "Header instance has no attribute 'strip'" error which + cropped up in some configurations + +------------------------------------------------------------------- Old: ---- getmail-4.43.0.tar.gz New: ---- getmail-4.46.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ getmail.spec ++++++ --- /var/tmp/diff_new_pack.cnd2Hx/_old 2014-10-09 12:52:53.000000000 +0200 +++ /var/tmp/diff_new_pack.cnd2Hx/_new 2014-10-09 12:52:53.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package getmail # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: getmail -Version: 4.43.0 +Version: 4.46.0 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://pyropus.ca/software/getmail/ ++++++ getmail-4.43.0.tar.gz -> getmail-4.46.0.tar.gz ++++++ ++++ 4806 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
