On Sun, Feb 24, 2013 at 07:46:51PM +0100, Andreas Ericsson wrote:

> The lack of certificate authority verification presents no attack vector
> for git imap-send. As such, it doesn't warrant a CVE. I'm sure you'll
> be credited with a "reported-by" line in the commit message if someone
> decides to fix it though. Personally, I'm not fussed.

Sure it presents an attack vector. I can man-in-the-middle your
imap-send client and read your otherwise secret patches. Or your
otherwise secret imap password.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to