Candidate: CVE-2014-7273
PublicDate: 2014-10-08 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7273
 http://pyropus.ca/software/getmail/CHANGELOG
 http://openwall.com/lists/oss-security/2014/10/07/33
Description:
 The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not
 verify X.509 certificates from SSL servers, which allows man-in-the-middle
 attackers to spoof IMAP servers and obtain sensitive information via a
 crafted certificate.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_getmail4:
upstream_getmail4: released (4.44.0-1)
lucid_getmail4: ignored (reached end-of-life)
precise_getmail4: ignored (reached end-of-life)
precise/esm_getmail4: DNE (precise was needed)
trusty_getmail4: ignored (reached end-of-life)
trusty/esm_getmail4: DNE (trusty was needed)
utopic_getmail4: not-affected (4.46.0-1)
vivid_getmail4: not-affected (4.46.0-1)
vivid/stable-phone-overlay_getmail4: DNE
vivid/ubuntu-core_getmail4: DNE
wily_getmail4: not-affected (4.46.0-1)
xenial_getmail4: not-affected (4.46.0-1)
yakkety_getmail4: not-affected (4.46.0-1)
zesty_getmail4: not-affected (4.46.0-1)
artful_getmail4: not-affected (4.46.0-1)
bionic_getmail4: not-affected (4.46.0-1)
cosmic_getmail4: DNE
disco_getmail4: DNE
devel_getmail4: DNE