Joined: 12 May 2004
|Posted: Wed Jul 29, 2020 5:26 am Post subject: [ GLSA 202007-55 ] libetpan
|Gentoo Linux Security Advisory
Title: libetpan: Improper STARTTLS handling (GLSA 202007-55)
A vulnerability was discovered in libetpan's STARTTLS handling,
possibly allowing an integrity/confidentiality compromise.
libetpan is a portable, efficient middleware for different kinds of mail
Vulnerable: < 1.9.4-r1
Unaffected: >= 1.9.4-r1
Architectures: All supported architectures
It was discovered that libetpan was not properly handling state within
the STARTTLS protocol handshake.
There may be a breach of integrity or confidentiality in connections
made using libetpan with STARTTLS.
There is no known workaround at this time.
All libetpan users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libetpan-1.9.4-r1"