* Fixed a possible plaintext command injection during the negotiation of
a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the
STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer
upon a successful negotiation of a TLS layer. It prevents malicious
commands, sent unencrypted, from being executed in the new encrypted
state of the session.
* Fixed a possible plaintext command injection during the negotiation of
a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the
STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer
upon a successful negotiation of a TLS layer. It prevents malicious
commands, sent unencrypted, from being executed in the new encrypted
state of the session.