Fedora has issued an advisory today (February 14):
The issue is fixed upstream in 1.584.
Mageia 3 and Mageia 4 are also affected.
Steps to Reproduce:
This has been assigned CVE-2014-2014:
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Updated imapsync package fixes security vulnerability:
In imapsync before 1.584, a certificate verification failure when using the
--tls option results in imapsync attempting a cleartext login (CVE-2014-2014).
Updated packages in core/updates_testing:
A quick test for imapsync from upstream project.
Copy sync_loop_unix.sh and file.txt in same directory and run:
It should create a directoru called LOG with all migrated data
Created attachment 5011 [details]
data to be migrated using imapsync
Created attachment 5012 [details]
script to migrate data using imapsync
I've used script and data at home on my own imap server using an existing user. Works here as expected on Mageia 4 64
Testing complete for imapsync-1.584-1.mga4, Ok for me.
Use Anne's script and procedure on comment 3.
Testing complete mga3 64
Testing complete mga3 32
Advisory uploaded. Validating.
Could sysadmin please push to 3 & 4 updates