CVE-2010-4533

Eric H. Christensen sparks at fedoraproject.org
Wed Aug 6 15:55:42 BST 2014


I checked the release notes trying to find what version of offlineimap fixes CVE-2010-4533 (allowing SSLv2) and CVE-2010-4532 (not checking SSL server certificates).  I believe the latter is fixed by a commit from 2010-12-16[0] (and this may need to be implemented in the config file by default).  Could you point me to the commits that fixed these issues, please?

[0] https://github.com/nicolas33/offlineimap/commit/4f57b94e2333c37c5a7251fc88dfeda9bc0b226a

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security

sparks at redhat.com - sparks at fedoraproject.org
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
--------------------------------------------------




More information about the OfflineIMAP-project mailing list