CVE-2014-7273

Published: 08 October 2014

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.

Priority

Medium

Status

Package Release Status
getmail4
Launchpad, Ubuntu, Debian
Upstream
Released (4.44.0-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.46.0-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.46.0-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)