oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request(s): Getmail 4

From: cve-assign () mitre org
Date: Tue, 7 Oct 2014 13:45:25 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


http://pyropus.ca/software/getmail/CHANGELOG



Getmail 4.0.0 through 4.43.0 allows IMAP MITM with an arbitrary
certificate


Use CVE-2014-7273.



Getmail 4.44.0 allows IMAP MITM with a valid/recognized certificate
for an arbitrary hostname


Use CVE-2014-7274.



Getmail 4.0.0 through 4.44.0 allows POP MITM with an arbitrary
certificate


Use CVE-2014-7275.


4.45.0: not vulnerable, although for multiple reasons

4.46.0: not vulnerable; all issues fixed

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUNCZjAAoJEKllVAevmvmsaDoH/A6P+zvtqi/6ZUudBSYLYCju
K1N9DmsfwjdPYbcnPqJfuZSfUpAlCTKa70NnsxSrP7Ud8nsEZgPRPsgJZ5Lg5fZC
nU1A+GKKQzU1SGnhksdpwSEywz6qOEhLkDBIWw3Wzqg8oeTp2IziM0BN4WJQMfuQ
hxZlQt20GucAzjBEyoAsuKdOL7s24XpitxJEUfex0rWUFxZrv347285O2aPSmJui
k2P5koio6d4ty4e37aBD0a1EWS12bPrEs8k6XQQBlRWJTrVIupRlNpxDPxsNxtFk
7PPkxEJJfVC2XkA5PqBtzwaNeBB7HXT5Fzp5ngQdjntXKmMRqtpb/rRApxL1Y9Y=
=wSw8
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: