CVE-2019-8337 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Certificate verification bypass
Description	In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-905	msmtp	1.8.2-1	1.8.3-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
17 Feb 2019	ASA-201902-22	AVG-905	msmtp	High	certificate verification bypass

References
https://marlam.de/msmtp/news/ https://gitlab.marlam.de/marlam/msmtp/commit/a81d0a5126304f9f8b29a75d058044dc67d07663