Marcus Meissner reported that the Claws Mail's RSSyl plug-in, an RSS feed aggregator, does not verify SSL certificates: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106 This allows for man-in-the-middle attacks. This issue was assigned CVE-2014-2576: http://seclists.org/oss-sec/2014/q1/636
Created claws-mail tracking bugs for this issue: Affects: fedora-all [bug 1081358] Affects: epel-all [bug 1081359]
ARRAY(0x558ebdcb1710)