Version 6.2.5.2 of fetchmail
Release Notes: This release fixes CAN-2005-2335 (a remote code injection vulnerability through a malicious POP3 server's UIDL replies). RFC-821/2821 conformance was fixed by not emitting a blank between MAIL FROM: and the address, which caused mail loss on some sites. The POP2 driver now checks for authentication failures. The APOP/RPOP drivers no longer attempt to get SIZE for a message range. Fetchmail has been handed to new maintainers and has changed its home site.
Other releases
Release Notes: Compilation with OpenSSL implementations before 0.9.8m lacking SSL_CTX_clear_options() works again, but is neither supported nor recommended. The combination of "--plugin" and "-f -" was fixed. Logfile vs. syslog handling was cleaned up. Other minor changes were made.
Release Notes: A security issue where a misinterpreted server response could allow DoS and data theft in NTLM authentication was fixed. This issue was reported as CVE-2012-3482. The false disabling of a countermeasure against plaintext attacks in block ciphers was fixed. Various other minor fixes were made.
Release Notes: A NUL byte insertion bug in the IMAP client, which occurred when the last line of the input had no LF and no CRLF termination, was fixed.
Release Notes: This release fixes a STARTTLS denial of service vulnerability (CVE-2011-1947). It reduces repetitions in "unseen" message logging and speeds up IMAP fetches with full mailboxes quite a bit. Fetchmail now sets its Internet sockets to keepalive mode, to detect disconnections, and resolves MD5-related build problems.
Release Notes: Several multidrop fixes were made. "--antispam" now works from the command line. A workaround for documentation builds with broken XHTML 1.1 DTD installations was put in place. STARTTLS handling was improved. IMAP now understands empty strings as FETCH response.
