Debian Balsa vulnerabilities

4 known vulnerabilities affecting debian/balsa.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, LOW 2

Vulnerabilities

CVE-2020-16118 | HIGH | CVSS 7.5 | fixed in balsa 2.6.0-1 (bookworm) | 2020
[HIGH] balsa: In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
Scope: local; bookworm: resolved (fixed in 2.6.0-1); bullseye: resolved (fixed in 2.6.0-1); forky: resolved (fixed in 2.6.0-1); sid: resolved (fixed in 2.6.0
debian
CVE-2007-1558 | LOW | CVSS 2.6 | fixed in balsa 2.3.17-1 (bookworm) | 2007
[LOW] balsa: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8
debian
CVE-2007-5007 | LOW | CVSS 6.8 | fixed in balsa 2.3.20-1 (bookworm) | 2007
[MEDIUM] balsa: Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
Scope: local; bookworm: resolved (fixed in 2.3.20-1); bullseye: resolved (fixed in 2.3.20-1); forky: resolved (fixed in 2.3.20-1); sid: resolved (fixed in 2.3.20-1); trixie: resolved (fixed in 2.3.
debian
CVE-2003-0167 | HIGH | CVSS 7.5 | fixed in balsa 2.0.10 (bookworm) | 2003
[HIGH] balsa: Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
Scope: local; bookworm: resolved (fixed in 2.0.10); bullseye: r
debian