This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201310-02">
<title>isync: Man-in-the-Middle attack</title>
<synopsis>A vulnerability in isync could allow remote attackers to perform
man-in-the-middle attacks.
</synopsis>
<producttype="ebuild">isync</product>
<announced>October 05, 2013</announced>
<revised>October 05, 2013: 1</revised>
<bug>458420</bug>
<access>remote</access>
<affected>
<packagename="net-mail/isync"auto="yes"arch="*">
<unaffectedrange="ge">1.0.6</unaffected>
<vulnerablerange="lt">1.0.6</vulnerable>
</package>
</affected>
<background>
<p>isync is an IMAP and MailDir mailbox synchronizer. </p>
</background>
<description>
<p>isync does not properly verify the server’s hostname against the CN
field in the SSL certificate.
</p>
</description>
<impacttype="low">
<p>A remote server could perform man-in-the-middle attacks to disclose
passwords or obtain other sensitive information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All isync users should upgrade to the latest version:</p>