AVG-2086 log

Package libesmtp
Status Not affected
Severity High
Type arbitrary code execution
Affected 1.0.6-7
Fixed 1.1.0-1
Current 1.1.0-1 [community]
Ticket FS#71292
Created Sat Jun 19 07:23:37 2021
Issue Severity Remote Type Description
CVE-2019-19977 High Yes Arbitrary code execution
libESMTP before version 1.1.0 mishandles domain copying into a fixed- size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c. During NTLM authentication, a...
References
https://github.com/libesmtp/libESMTP/blob/3d36c4125a7fe5bd770929761dfb9269defb1f5b/configure.ac#L390
Notes
The libesmtp 1.0.6-7 Arch Linux package was built without the --enable-ntlm configuration option, so the vulnerable NTLM authentication support was not enabled.