Candidate: CVE-2014-7274
PublicDate: 2014-10-08 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7274
 http://pyropus.ca/software/getmail/CHANGELOG
 http://openwall.com/lists/oss-security/2014/10/07/33
Description:
 The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the
 server hostname matches a domain name in the subject's Common Name (CN)
 field of the X.509 certificate, which allows man-in-the-middle attackers to
 spoof IMAP servers and obtain sensitive information via a crafted
 certificate from a recognized Certification Authority.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_getmail4:
upstream_getmail4: released (4.46.0-1)
lucid_getmail4: ignored (reached end-of-life)
precise_getmail4: not-affected
trusty_getmail4: not-affected
trusty/esm_getmail4: DNE (trusty was not-affected)
devel_getmail4: not-affected (4.46.0-1)