CVE-2021-38373

Name: CVE-2021-38373

Description: In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ksmtp (PTS) | bullseye | 20.08.3-1 | vulnerable |
| ksmtp (PTS) | bookworm, sid, trixie | 22.12.3-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ksmtp | source | (unstable) | 21.12.3-2 | | | |

Notes

[bullseye] - ksmtp <ignored> (Minor issue; Upstream changes change API)
[buster] - ksmtp <ignored> (Minor issue; Upstream changes change API)
https://bugs.kde.org/show_bug.cgi?id=423423
https://nostarttls.secvuln.info
https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a