Package name
imapsync
Date
2014-03-14
Advisory ID
MDVSA-2014:060
Affected versions
MBS1 x86_64

Problem description

Updated imapsync package fixes security vulnerabilities:

Imapsync, by default, runs a release check when executed, which
causes imapsync to connect to http://imapsync.lamiral.info and send
information about the version of imapsync, the operating system and
perl (CVE-2013-4279).

The imapsync package has been patched to disable this feature.

In imapsync before 1.584, a certificate verification failure when
using the --tls option results in imapsync attempting a cleartext login
(CVE-2014-2014).

Updated packages

MBS1 x86_64

 cb3b49e4916f35b94c1ff67196525cf4  mbs1/x86_64/imapsync-1.584-1.mbs1.noarch.rpm 
 03c16ad4a39d6dac597053f0a366f04e  mbs1/SRPMS/imapsync-1.584-1.mbs1.src.rpm

References