ArchLinux: 201902-22: msmtp: certificate verification bypass
Summary
In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
Resolution
Upgrade to 1.8.3-1.
# pacman -Syu "msmtp>=1.8.3-1"
The problem has been fixed upstream in version 1.8.3.
References
https://marlam.de/msmtp/news/ https://security.archlinux.org/CVE-2019-8337
Workaround
None.