Debian Security Advisory 1259-1 - Isaac Wilcox discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure.
c60bdd36c32a73ec0793bd760ad373fbc9341b987529b19badf093420add44fe
Ubuntu Security Notice 405-1 - It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user's unencrypted password being sent across the network.
502b7277990cb0abff840829b05ec53ba00e73e8071dae50c965089d23c9c48e
OpenPKG Security Advisory - According to vendor release notes and security advisories, two security issues exist in the POP3/IMAP batch client Fetchmail, version up to and including 6.3.5
e848b53d79d513a6112f14b3d4de99609c0c6e7edaa805a1ed7f23529322556e
Fetchmail has had several nasty password disclosure vulnerabilities for a long time. It was only recently that these have been found. This affects fetchmail versions 6.3.5 and below.
a90b6668d3eb0388a08526760856b5f2f2e46ed5f5cc3551868bf5e5ff61289e