Msrc Cbl2 Fetchmail 6.4.22-1 On Cbl Mariner 2.0 vulnerabilities

CVE-2021-39272 [MEDIUM] CWE-319 Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances such as a certain situation with IMAP and PREAUTH. Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances such as a certain situation with IMAP and PREAUTH. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cust

CVE-2021-36386 [HIGH] CWE-909 report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument which might allow mail servers to cause a denial of service or possibly have unspe report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whet