Advisories ยป MGASA-2014-0127

Updated imapsync packages fix an information disclosure

Publication date: 12 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4279

Description

Updated imapsync package fixes security vulnerability:

Imapsync, by default, runs a "release check" when executed, which causes
imapsync to connect to http://imapsync.lamiral.info and send information
about the version of imapsync, the operating system and perl (CVE-2013-4279).

The imapsync package has been patched to disable this feature.
                

References

SRPMS

4/core

3/core