Configure an IMAP server such that Sylpheed can connect via STARTTLS. When an attacker strips the STARTTLS capability from the server greeting and the response to the capability command, Sylpheed will not issue the STARTTLS command anymore and proceed with the login in plaintext. References: https://sylpheed.sraoss.jp/redmine/issues/322
Created sylpheed tracking bugs for this issue: Affects: epel-7 [bug 1995170] Affects: fedora-all [bug 1995169]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.