fetchmail

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A remote-mail retrieval utility
Version	6.4.38-2 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2326	6.4.21-1	6.4.22-1	Medium	Fixed
AVG-2238	6.4.19-1	6.4.21-1	Low	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-39272	AVG-2326	Medium	Yes	Information disclosure	Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2021-36386	AVG-2238	Low	Yes	Denial of service	report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-39272

AVG-2326

Medium

Yes

Information disclosure

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

CVE-2021-36386

AVG-2238

Low

Yes

Denial of service

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to...