Nixpkgs security tracker

Untriaged

Permalink CVE-2010-4532

created 2 months ago Activity log

Created suggestion 2 months ago

offlineimap before 6.3.2 does not check for SSL server certificate …

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

References

https://security-tracker.debian.org/tracker/CVE-2010-4532 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4532 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-4532 x_transferredx_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603450 x_transferredx_refsource_MISC
https://www.openwall.com/lists/oss-security/2010/12/23/2 x_transferredx_refsource_MISC

Affected products

offlineimap

==before 6.3.2

Matching in nixpkgs

pkgs.offlineimap

Synchronize emails between two repositories, so that you can read the same mailbox from multiple computers

nixos-unstable 8.0.0
- nixpkgs-unstable 8.0.0
- nixos-unstable-small 8.0.0
nixos-25.11 8.0.0
- nixos-25.11-small 8.0.0
- nixpkgs-25.11-darwin 8.0.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.offlineimap