[Secure-testing-team] Bug#701052: isync: CVE-2013-0289: Incorrect server's SSL x509.v3 certificate validation when performing IMAP synchronization
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 20 23:09:55 UTC 2013
Package: isync
Version: 1.0.4-2.1
Severity: grave
Tags: security patch
Hi,
the following vulnerability was published for isync.
CVE-2013-0289[0]:
missing SSL subject verification
A patch is available in upstream's git repository[1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-0289
[1] http://isync.git.sourceforge.net/git/gitweb.cgi?p=isync/isync;a=patch;h=914ede18664980925628a9ed2a73ad05f85aeedb
Regards,
Salvatore
More information about the Secure-testing-team
mailing list