CVE-2021-38373

Source
Severity Low
Remote Yes
Type Silent downgrade
Description
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Group     Package  Affected   Fixed      Severity  Status  Ticket
AVG-2274  ksmtp    21.08.3-1  21.12.0-1  Low       Fixed
References
https://nostarttls.secvuln.info/
https://kde.org/info/security/advisory-20211118-1.txt
https://bugs.kde.org/show_bug.cgi?id=423423
https://invent.kde.org/pim/ksmtp/-/commit/b33f06397ea2f02ebfa26b77862fcb7164b4ba0c
https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
https://invent.kde.org/pim/ksmtp/-/commit/77a366023715745a0677a93b6e3cb69856f8f299
https://invent.kde.org/pim/ksmtp/-/commit/5d96c216281b88e1ceb2f6e7fc8b68c593674251
https://invent.kde.org/pim/kmailtransport/-/commit/b49ee72009620f152aaab1f592704e56e3be01f5