AVG-2274 log

Package ksmtp
Status Fixed
Severity Low
Type silent downgrade
Affected 21.08.3-1
Fixed 21.12.0-1
Current 24.12.0-1 [extra]
Ticket None
Created Tue Aug 10 16:26:37 2021
Issue Severity Remote Type Description
CVE-2021-38373 Low Yes Silent downgrade
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.