Source: libetpan Version: 1.9.4-2 Severity: important Tags: security upstream Forwarded: https://github.com/dinhvh/libetpan/issues/386 X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for libetpan. CVE-2020-15953[0]: | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other | products, has a STARTTLS buffering issue that affects IMAP, SMTP, and | POP3. When a server sends a "begin TLS" response, the client reads | additional data (e.g., from a meddler-in-the-middle attacker) and | evaluates it in a TLS context, aka "response injection." If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-15953 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15953 [1] https://github.com/dinhvh/libetpan/issues/386 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
