isync

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	IMAP and MailDir mailbox synchronizer
Version	1.5.0-2 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2579	1.4.3-1	1.4.4-1	Medium	Fixed
AVG-2042	1.4.1-1	1.4.2-1	Medium	Fixed
AVG-1598	1.3.3-1	1.3.5-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-44143	AVG-2579	Medium	Yes	Arbitrary code execution	A security issue was found in mbsync in isync 1.4.0 before version 1.4.4. Due to an unchecked condition, a malicious or compromised IMAP server could use a...
CVE-2021-20247	AVG-1598	High	Yes	Directory traversal	A security issue was found in isync/mbsync before versions 1.3.5 and 1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur,...
CVE-2021-3657	AVG-2579	Medium	Yes	Arbitrary code execution	A security issue was found in mbsync in isync versions before 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or...
CVE-2021-3578	AVG-2042	Medium	Yes	Arbitrary code execution	A security issue was found in mbsync before version 1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary...

Advisories

Date	Advisory	Group	Severity	Type
03 Dec 2021	ASA-202112-5	AVG-2579	Medium	arbitrary code execution
09 Jun 2021	ASA-202106-27	AVG-2042	Medium	arbitrary code execution
27 Feb 2021	ASA-202102-38	AVG-1598	High	directory traversal