CVE-2010-4533

NameCVE-2010-4533
Descriptionofflineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs606962

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
offlineimapsource(unstable)6.3.4-1low606962

Notes

offlineimap uses the "ssl" standard lib in Python, marking the version of offlineimap in wheezy as fixed
[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)

Search for package or bug name: Reporting problems