Source: fetchmail
Version: 6.4.21-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 6.4.16-4
Control: found -1 6.4.0~beta4-3+deb10u1
Control: found -1 6.4.0~beta4-1
Hi,
The following vulnerability was published for fetchmail.
CVE-2021-39272[0]:
| TLS bypass vulnerabilities ("NO STARTTLS")
Note I think this does not warrant a DSA. But if cherry-picking
changes for bullseye and buster, as per [1] proabably should pick as
well the documentation updates with the updated recommendations.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-39272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39272
[1] https://www.fetchmail.info/fetchmail-SA-2021-02.txt
Regards,
Salvatore
