AVG-2274 log
Package | ksmtp |
Status | Fixed |
Severity | Low |
Type | silent downgrade |
Affected | 21.08.3-1 |
Fixed | 21.12.0-1 |
Current | 24.12.0-1 [extra] |
Ticket | None |
Created | Tue Aug 10 16:26:37 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-38373 | Low | Yes | Silent downgrade | In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. |