fetchmail
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | A remote-mail retrieval utility |
Version | 6.4.39-1 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2326 | 6.4.21-1 | 6.4.22-1 | Medium | Fixed | |
AVG-2238 | 6.4.19-1 | 6.4.21-1 | Low | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-39272 | AVG-2326 | Medium | Yes | Information disclosure | Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. |
CVE-2021-36386 | AVG-2238 | Low | Yes | Denial of service | report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to... |