Debian Libesmtp vulnerabilities

CVE-2019-19977 [CRITICAL] CVE-2019-19977: libesmtp - libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntl... libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2010-1194 [MEDIUM] CVE-2010-1194: libesmtp - The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly ot... The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName. Scope: local bookworm: resolved (fixed in 1.0.4-2) bullseye: resolved (fixed in 1.0.4-2) forky: resolve

CVE-2010-1192 [MEDIUM] CVE-2010-1192: libesmtp - libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character ... libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Scope: local bookworm: re

CVE-2002-1090 [HIGH] CVE-2002-1090: libesmtp - Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 al... Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses. Scope: local bookworm: resolved (fixed in 0.8.11-1) bullseye: resolved (fixed in 0.8.11-1) forky: resolved (fixed in 0.8.11-1) sid: resolved (fixed in