Описание
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mpop | fixed | 1.4.3-1 | package | |
| mpop | not-affected | stretch | package | |
| mpop | not-affected | jessie | package | |
| msmtp | fixed | 1.8.3-1 | package | |
| msmtp | not-affected | stretch | package | |
| msmtp | not-affected | jessie | package |
Примечания
mpop: Introduced by: https://git.marlam.de/gitweb/?p=mpop.git;a=commit;h=3162356734663a0ea0f88857c4ace21fac1b023b (1.4.2)
mpop: Fixed by: https://git.marlam.de/gitweb/?p=mpop.git;a=commit;h=95b96da443a24a4a9cb6664aefff9f6fcc7ac86e (1.4.3)
msmtp: Introduced by: https://git.marlam.de/gitweb/?p=msmtp.git;a=commit;h=37371fa07729bfc11761b6d11befd7271528090d (1.8.2)
msmtp: Fixed by: https://git.marlam.de/gitweb/?p=msmtp.git;a=commit;h=a81d0a5126304f9f8b29a75d058044dc67d07663 (1.8.3)
EPSS
Связанные уязвимости
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
Уязвимость команды tls_trust_file SMTP-клиента Msmtp и POP3-клиента Mpop, позволяющая нарушителю оказать воздействие на целостность, доступность и конфиденциальность информации
EPSS