- getmail 4.46.0 [bnc#900217]
This release fixes several similar vulnerabilities that could
allow a man-in-the-middle attacker to read encrypted traffic due
to pack of certificate verification against the hostname.
* fix --idle checking Python version incorrectly, resulting in
incorrect warning about running with Python < 2.5
* add missing support for SSL certificate checking in POP3 which
broke POP retrieval in v4.45.0
[CVE-2014-7275]
- includes changes from 4.45.0:
* perform hostname-vs-certificate matching of SSL certificate if
validating the certifcate
[CVE-2014-7274]
* fix missing plaintext versions of documentation
- includes changes from 4.44.0:
* add extended SSL options for IMAP retrievers, allowing
certificate verification and other features
[CVE-2014-7273]
* fix missing plaintext versions of documentation
* fix "Header instance has no attribute 'strip'" error which
cropped up in some configurations