Package: fetchmail Version: 6.3.22-2 Severity: important Tags: security
The --sslfingerprint accepts only MD5 fingerprints. MD5 should be considered cryptographically broken. Please at least add the possibility to specify SHA-1 fingerprints.
(As a side note, the manpage says that MD5 "is the default format OpenSSL uses", which hasn't been true since OpenSSL 0.9.8.)
-- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.7-trunk-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fetchmail depends on: ii adduser 3.113+nmu3 ii debianutils 4.3.4 ii libc6 2.17-0experimental2 ii libcomerr2 1.42.5-1 ii libgssapi-krb5-2 1.10.1+dfsg-3 ii libkrb5-3 1.10.1+dfsg-3 ii libssl1.0.0 1.0.1c-4 ii lsb-base 4.1+Debian9 -- Jakub Wilk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

