Isaac Wilcox

**Name of the Vulnerable Software and Affected Versions** fetchmail versions prior to 6.3.6-rc4 **Description** The issue allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks because it does not properly enforce TLS, potentially transmitting cleartext passwords over unsecured links under certain circumstances. **Recommendations** For versions prior to 6.3.6-rc4, update to version 6.3.6-rc4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** fetchmail versions 6.3.5 through 6.3.6 before 6.3.6-rc4 **Description** The issue allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions. **Recommendations** For fetchmail versions 6.3.5 through 6.3.6 before 6.3.6-rc4, update to version 6.3.6-rc4 or later to resolve the issue.