A vulnerability in isync could allow remote attackers to perform man-in-the-middle attacks.
|Package||net-mail/isync on all architectures|
|Affected versions||< 1.0.6|
|Unaffected versions||>= 1.0.6|
isync is an IMAP and MailDir mailbox synchronizer.
isync does not properly verify the server’s hostname against the CN field in the SSL certificate.
A remote server could perform man-in-the-middle attacks to disclose passwords or obtain other sensitive information.
There is no known workaround at this time.
All isync users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/isync-1.0.6"
October 05, 2013
October 05, 2013: 1