Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:12.3:Update
patchinfo.3064
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.3064
<patchinfo> <issue id="900217" tracker="bnc">CVE-2014-7275: The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that theserver hostname matches ...</issue> <issue id="CVE-2014-7274" tracker="cve" /> <issue id="CVE-2014-7275" tracker="cve" /> <issue id="CVE-2014-7273" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>AndreasStieger</packager> <description> - getmail 4.46.0 [bnc#900217] This release fixes several similar vulnerabilities that could allow a man-in-the-middle attacker to read encrypted traffic due to pack of certificate verification against the hostname. * fix --idle checking Python version incorrectly, resulting in incorrect warning about running with Python < 2.5 * add missing support for SSL certificate checking in POP3 which broke POP retrieval in v4.45.0 [CVE-2014-7275] - includes changes from 4.45.0: * perform hostname-vs-certificate matching of SSL certificate if validating the certifcate [CVE-2014-7274] * fix missing plaintext versions of documentation - includes changes from 4.44.0: * add extended SSL options for IMAP retrievers, allowing certificate verification and other features [CVE-2014-7273] * fix missing plaintext versions of documentation * fix "Header instance has no attribute 'strip'" error which cropped up in some configurations </description> <summary>update for getmail</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor