Search for packages
Package details: pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1
purl pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1
Next non-vulnerable version 6.4.37-1
Latest non-vulnerable version 6.4.37-1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-m9t9-6w7g-n3cq
Aliases:
CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
6.4.37-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-djfg-pkur-xbf7 report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. CVE-2021-36386

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T14:17:37.184601+00:00 Debian Oval Importer Fixing VCID-djfg-pkur-xbf7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:50:11.215866+00:00 Debian Importer Affected by VCID-m9t9-6w7g-n3cq https://security-tracker.debian.org/tracker/data/json 37.0.0