{"affected":[{"ecosystem_specific":{"binaries":[{"fetchmail":"6.4.22-20.20.1","fetchmailconf":"6.4.22-20.20.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"fetchmail","purl":"pkg:rpm/opensuse/fetchmail&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.4.22-20.20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for fetchmail fixes the following issues:\n\n- CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875).\n- CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069).\n\n- Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059)\n- Remove all python2 dependencies (bsc#1190896).\n- De-hardcode /usr/lib path for launch executable (bsc#1174075).\n- Added hardening to systemd service(s) (bsc#1181400).\n  ","id":"openSUSE-SU-2021:4018-1","modified":"2021-12-14T07:58:47Z","published":"2021-12-14T07:58:47Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZEYREAP5E4PNL4UXB7R6OYSFSQ5VNFHB/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1152964"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174075"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181400"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188875"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190069"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190896"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-36386"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-39272"}],"related":["CVE-2021-36386","CVE-2021-39272"],"summary":"Security update for fetchmail","upstream":["CVE-2021-36386","CVE-2021-39272"]}