Candidate: CVE-2016-10937
PublicDate: 2019-09-08 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10937
 https://github.com/lefcha/imapfilter/issues/142
 https://bugs.debian.org/939702
Description:
 IMAPFilter through 2.6.12 does not validate the hostname in an SSL
 certificate.
Ubuntu-Description:
 It was discovered that IMAPFilter incorrectly validated SSL certificates.
 A remote attacker could possibly use this issue to intercept secure
 communications.
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939702
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_imapfilter:
upstream_imapfilter: needs-triage
precise/esm_imapfilter: DNE
trusty_imapfilter: ignored (out of standard support)
trusty/esm_imapfilter: DNE
xenial_imapfilter: ignored (end of standard support, was needs-triage)
bionic_imapfilter: needs-triage
disco_imapfilter: ignored (reached end-of-life)
eoan_imapfilter: ignored (reached end-of-life)
focal_imapfilter: not-affected (1:2.6.13-1)
groovy_imapfilter: not-affected (1:2.6.13-1)
hirsute_imapfilter: not-affected (1:2.6.13-1)
impish_imapfilter: not-affected (1:2.6.13-1)
jammy_imapfilter: not-affected (1:2.6.13-1)
devel_imapfilter: not-affected (1:2.6.13-1)