Candidate: CVE-2009-3942
PublicDate: 2009-11-16 19:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3942
Description:
 Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_msmtp:
upstream_msmtp: released (1.4.19)
dapper_msmtp: ignored (reached end-of-life)
hardy_msmtp: ignored (reached end-of-life)
intrepid_msmtp: needed (reached end-of-life)
jaunty_msmtp: ignored (reached end-of-life)
karmic_msmtp: ignored (reached end-of-life)
lucid_msmtp: not-affected (1.4.19-1)
maverick_msmtp: ignored (reached end-of-life)
natty_msmtp: ignored (reached end-of-life)
oneiric_msmtp: ignored (reached end-of-life)
precise_msmtp: not-affected (1.4.19-1)
quantal_msmtp: ignored (reached end-of-life)
raring_msmtp: ignored (reached end-of-life)
saucy_msmtp: ignored (reached end-of-life)
trusty_msmtp: not-affected (1.4.19-1)
trusty/esm_msmtp: DNE (trusty was not-affected [1.4.19-1])
devel_msmtp: not-affected (1.4.19-1)