fetchmail

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A remote-mail retrieval utility
Version 6.4.22-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2326 6.4.21-1 6.4.22-1 Medium Fixed
AVG-2238 6.4.19-1 6.4.21-1 Low Fixed
Issue Group Severity Remote Type Description
CVE-2021-39272 AVG-2326 Medium Yes Information disclosure
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2021-36386 AVG-2238 Low Yes Denial of service
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to...