File _patchinfo of Package patchinfo.3064

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.3064

<patchinfo>
  <issue id="900217" tracker="bnc">CVE-2014-7275: The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that theserver hostname matches ...</issue>
  <issue id="CVE-2014-7274" tracker="cve" />
  <issue id="CVE-2014-7275" tracker="cve" />
  <issue id="CVE-2014-7273" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
- getmail 4.46.0 [bnc#900217]
  This release fixes several similar vulnerabilities that could
  allow a man-in-the-middle attacker to read encrypted traffic due
  to pack of certificate verification against the hostname.
  * fix --idle checking Python version incorrectly, resulting in
    incorrect warning about running with Python &lt; 2.5
  * add missing support for SSL certificate checking in POP3 which
    broke POP retrieval in v4.45.0
    [CVE-2014-7275]
- includes changes from 4.45.0:
  * perform hostname-vs-certificate matching of SSL certificate if
    validating the certifcate
    [CVE-2014-7274]
  * fix missing plaintext versions of documentation
- includes changes from 4.44.0: 
  * add extended SSL options for IMAP retrievers, allowing
    certificate verification and other features
    [CVE-2014-7273]
  * fix missing plaintext versions of documentation
  * fix "Header instance has no attribute 'strip'" error which
    cropped up in some configurations

</description>
  <summary>update for getmail</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.3064

Places