I was just able to reproduce this flaw with courier 0.66.1-1ubuntu4. There was a discussion on this issue on the courier mailing list providing some good insights:
http://sourceforge.net/p/courier/mailman/message/31522221/ If I understand that thread right this bug can be set to low importance or even be closed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1194892 Title: pop3 and imap tls plaintext command injection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/courier/+bug/1194892/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
