[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#603450: offlineimap: fails check the remote servers ssl certificate is valid

severity 603450 important

On Sun, Nov 14, 2010 at 19:55:23 +1100, david b wrote:

> Package: offlineimap
> Severity: grave
> Tags: security
> Justification: user security hole
> offlineimap performs absolutely no ssl certificate checking. So users could/can be the victim of a man in the middle attack.

Long known/documented limitation, I don't think this is RC.  A fix can
still be considered either before release or for a point update.


Attachment: signature.asc
Description: Digital signature

Reply to: