DEBIAN-CVE-2019-8337

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2019-8337

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2019-8337

Upstream

CVE-2019-8337

Published

2019-02-13T20:29:00.193Z

Modified

2026-04-28T20:20:56.023454Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

In msmtp 1.8.2 and mpop 1.4.3, when tlstrustfile has its default configuration, certificate-verification results are not properly checked.

References

https://security-tracker.debian.org/tracker/CVE-2019-8337

Affected packages

Debian:11

mpop

Package

Name: mpop
Purl: pkg:deb/debian/mpop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"

msmtp

Package

Name: msmtp
Purl: pkg:deb/debian/msmtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"

Debian:12

mpop

Package

Name: mpop
Purl: pkg:deb/debian/mpop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"

msmtp

Package

Name: msmtp
Purl: pkg:deb/debian/msmtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"

Debian:13

mpop

Package

Name: mpop
Purl: pkg:deb/debian/mpop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"

msmtp

Package

Name: msmtp
Purl: pkg:deb/debian/msmtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"

Debian:14

mpop

Package

Name: mpop
Purl: pkg:deb/debian/mpop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"

msmtp

Package

Name: msmtp
Purl: pkg:deb/debian/msmtp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-8337.json"