Candidate: CVE-2010-4532
PublicDate: 2019-11-13 18:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4532
Description:
 offlineimap before 6.3.2 does not check for SSL server certificate
 validation when "ssl = yes" option is specified which can allow
 man-in-the-middle attacks.
Ubuntu-Description: 
Notes: 
Bugs: 
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603450
Priority: medium
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N [5.9 MEDIUM]

Patches_offlineimap:
upstream_offlineimap: released (6.3.2-rc1)
hardy_offlineimap: ignored (reached end-of-life)
lucid_offlineimap: ignored (reached end-of-life)
maverick_offlineimap: ignored (reached end-of-life)
natty_offlineimap: ignored (reached end-of-life)
oneiric_offlineimap: ignored (reached end-of-life)
precise_offlineimap: not-affected (6.3.3-3)
quantal_offlineimap: ignored (reached end-of-life)
raring_offlineimap: ignored (reached end-of-life)
saucy_offlineimap: ignored (reached end-of-life)
trusty_offlineimap: not-affected (6.3.3-3)
trusty/esm_offlineimap: DNE (trusty was not-affected [6.3.3-3])
devel_offlineimap: not-affected (6.3.3-3)