Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-15917 (GCVE-0-2020-15917)
Vulnerability from cvelistv5
Published
2020-07-23 18:06
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:23.272Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES", }, { name: "GLSA-202007-56", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-56", }, { name: "openSUSE-SU-2020:1116", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { name: "FEDORA-2020-2def860ce7", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/", }, { name: "FEDORA-2020-fe6c1a9c16", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/", }, { name: "openSUSE-SU-2020:1139", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { name: "openSUSE-SU-2020:1269", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { name: "openSUSE-SU-2020:1192", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { name: "openSUSE-SU-2020:1822", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-03T06:06:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { tags: [ "x_refsource_MISC", ], url: "https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES", }, { name: "GLSA-202007-56", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-56", }, { name: "openSUSE-SU-2020:1116", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { name: "FEDORA-2020-2def860ce7", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/", }, { name: "FEDORA-2020-fe6c1a9c16", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/", }, { name: "openSUSE-SU-2020:1139", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { name: "openSUSE-SU-2020:1269", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { name: "openSUSE-SU-2020:1192", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { name: "openSUSE-SU-2020:1822", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15917", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", refsource: "MISC", url: "https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { name: "https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES", refsource: "MISC", url: "https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES", }, { name: "GLSA-202007-56", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-56", }, { name: "openSUSE-SU-2020:1116", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { name: "FEDORA-2020-2def860ce7", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/", }, { name: "FEDORA-2020-fe6c1a9c16", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/", }, { name: "openSUSE-SU-2020:1139", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { name: "openSUSE-SU-2020:1269", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { name: "openSUSE-SU-2020:1192", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { name: "openSUSE-SU-2020:1822", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15917", datePublished: "2020-07-23T18:06:26", dateReserved: "2020-07-23T00:00:00", dateUpdated: "2024-08-04T13:30:23.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:claws-mail:claws-mail:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.17.6\", \"matchCriteriaId\": \"C04E05AD-6F5B-4DF8-BD31-E231E0AD45F5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"40513095-7E6E-46B3-B604-C926F1BA3568\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"67E82302-4B77-44F3-97B1-24C18AC4A35D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.\"}, {\"lang\": \"es\", \"value\": \"El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violaci\\u00f3n de protocolo porque los datos del sufijo despu\\u00e9s de STARTTLS son manejados inapropiadamente\"}]", id: "CVE-2020-15917", lastModified: "2024-11-21T05:06:26.670", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2020-07-23T19:15:10.137", references: "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-56\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2020-15917\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-07-23T19:15:10.137\",\"lastModified\":\"2024-11-21T05:06:26.670\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.\"},{\"lang\":\"es\",\"value\":\"El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violación de protocolo porque los datos del sufijo después de STARTTLS son manejados inapropiadamente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:claws-mail:claws-mail:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.17.6\",\"matchCriteriaId\":\"C04E05AD-6F5B-4DF8-BD31-E231E0AD45F5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40513095-7E6E-46B3-B604-C926F1BA3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E82302-4B77-44F3-97B1-24C18AC4A35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202007-56\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202007-56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
ghsa-9rxj-vjg6-w53x
Vulnerability from github
Published
2022-05-24 17:24
Modified
2022-11-16 12:00
Severity ?
Details
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
{ affected: [], aliases: [ "CVE-2020-15917", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2020-07-23T19:15:00Z", severity: "CRITICAL", }, details: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", id: "GHSA-9rxj-vjg6-w53x", modified: "2022-11-16T12:00:19Z", published: "2022-05-24T17:24:16Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-15917", }, { type: "WEB", url: "https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES", }, { type: "WEB", url: "https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202007-56", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
opensuse-su-2020:1269-1
Vulnerability from csaf_opensuse
Published
2020-08-27 04:21
Modified
2020-08-27 04:21
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-1269
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for claws-mail", title: "Title of the patch", }, { category: "description", text: "This update for claws-mail fixes the following issues:\n\n- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-1269", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1269-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:1269-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KDC7A34CJH6GSSHTZVUWPFP3DTSRITIB/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:1269-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KDC7A34CJH6GSSHTZVUWPFP3DTSRITIB/", }, { category: "self", summary: "SUSE Bug 1174457", url: "https://bugzilla.suse.com/1174457", }, { category: "self", summary: "SUSE CVE CVE-2020-15917 page", url: "https://www.suse.com/security/cve/CVE-2020-15917/", }, ], title: "Security update for claws-mail", tracking: { current_release_date: "2020-08-27T04:21:24Z", generator: { date: "2020-08-27T04:21:24Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:1269-1", initial_release_date: "2020-08-27T04:21:24Z", revision_history: [ { date: "2020-08-27T04:21:24Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "claws-mail-lang-3.17.3-bp151.3.3.1.noarch", product: { name: "claws-mail-lang-3.17.3-bp151.3.3.1.noarch", product_id: "claws-mail-lang-3.17.3-bp151.3.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.3-bp151.3.3.1.x86_64", product: { name: "claws-mail-3.17.3-bp151.3.3.1.x86_64", product_id: "claws-mail-3.17.3-bp151.3.3.1.x86_64", }, }, { category: "product_version", name: "claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", product: { name: "claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", product_id: "claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP1", product: { name: "SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.3-bp151.3.3.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-3.17.3-bp151.3.3.1.x86_64", }, product_reference: "claws-mail-3.17.3-bp151.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.3-bp151.3.3.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", }, product_reference: "claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.3-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.3-bp151.3.3.1.noarch", }, product_reference: "claws-mail-lang-3.17.3-bp151.3.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-15917", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15917", }, ], notes: [ { category: "general", text: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP1:claws-mail-3.17.3-bp151.3.3.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.3-bp151.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-15917", url: "https://www.suse.com/security/cve/CVE-2020-15917", }, { category: "external", summary: "SUSE Bug 1174457 for CVE-2020-15917", url: "https://bugzilla.suse.com/1174457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP1:claws-mail-3.17.3-bp151.3.3.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.3-bp151.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP1:claws-mail-3.17.3-bp151.3.3.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.3-bp151.3.3.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.3-bp151.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-08-27T04:21:24Z", details: "critical", }, ], title: "CVE-2020-15917", }, ], }
opensuse-su-2020:1139-1
Vulnerability from csaf_opensuse
Published
2020-08-03 12:23
Modified
2020-08-03 12:23
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
- Update to 3.17.6:
* It is now possible to 'Inherit Folder properties and processing
rules from parent folder' when creating new folders with the
move message and copy message dialogues.
* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
* The progress window when importing an mbox file is now more
responsive.
* A warning dialogue is shown if the selected privacy system is
'None' and automatic signing amd/or encrypting is enabled.
* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on
newer systems which have both python2 and python3.
- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).
Patchnames
openSUSE-2020-1139
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for claws-mail", title: "Title of the patch", }, { category: "description", text: "This update for claws-mail fixes the following issues:\n\n- Update to 3.17.6:\n * It is now possible to 'Inherit Folder properties and processing\n rules from parent folder' when creating new folders with the\n move message and copy message dialogues.\n * A Phishing warning is now shown when copying a phishing URL, (in\n addition to clicking a phishing URL).\n * The progress window when importing an mbox file is now more\n responsive.\n * A warning dialogue is shown if the selected privacy system is\n 'None' and automatic signing amd/or encrypting is enabled.\n * Python plugin: pkgconfig is now used to check for python2. This\n enables the Python plugin (which uses python2) to be built on\n newer systems which have both python2 and python3.\n- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-1139", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1139-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:1139-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VZI6IM4FOADBLISYX3SV7H6LHDM5EBO/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:1139-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VZI6IM4FOADBLISYX3SV7H6LHDM5EBO/", }, { category: "self", summary: "SUSE Bug 1174457", url: "https://bugzilla.suse.com/1174457", }, { category: "self", summary: "SUSE CVE CVE-2020-15917 page", url: "https://www.suse.com/security/cve/CVE-2020-15917/", }, ], title: "Security update for claws-mail", tracking: { current_release_date: "2020-08-03T12:23:30Z", generator: { date: "2020-08-03T12:23:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:1139-1", initial_release_date: "2020-08-03T12:23:30Z", revision_history: [ { date: "2020-08-03T12:23:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "claws-mail-lang-3.17.6-lp152.3.3.1.noarch", product: { name: "claws-mail-lang-3.17.6-lp152.3.3.1.noarch", product_id: "claws-mail-lang-3.17.6-lp152.3.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.6-lp152.3.3.1.x86_64", product: { name: "claws-mail-3.17.6-lp152.3.3.1.x86_64", product_id: "claws-mail-3.17.6-lp152.3.3.1.x86_64", }, }, { category: "product_version", name: "claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", product: { name: "claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", product_id: "claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.6-lp152.3.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.17.6-lp152.3.3.1.x86_64", }, product_reference: "claws-mail-3.17.6-lp152.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.6-lp152.3.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", }, product_reference: "claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.6-lp152.3.3.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-lang-3.17.6-lp152.3.3.1.noarch", }, product_reference: "claws-mail-lang-3.17.6-lp152.3.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2020-15917", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15917", }, ], notes: [ { category: "general", text: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:claws-mail-3.17.6-lp152.3.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.17.6-lp152.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-15917", url: "https://www.suse.com/security/cve/CVE-2020-15917", }, { category: "external", summary: "SUSE Bug 1174457 for CVE-2020-15917", url: "https://bugzilla.suse.com/1174457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:claws-mail-3.17.6-lp152.3.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.17.6-lp152.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:claws-mail-3.17.6-lp152.3.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.17.6-lp152.3.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.17.6-lp152.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-08-03T12:23:30Z", details: "critical", }, ], title: "CVE-2020-15917", }, ], }
opensuse-su-2021:1045-1
Vulnerability from csaf_opensuse
Published
2021-07-15 22:06
Modified
2021-07-15 22:06
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
Update to 3.18.0
* Support for the OAuth2 authorisation protocol has been added for
IMAP, POP and SMTP using custom, user-generated client IDs.
OAuth2 preferences are found in the Account Preferences on the
Receive page (for POP: Authenticate before POP connection, for
IMAP: Authentication method); the Send page (SMTP authentication:
Authentication method); and on a dedicated OAuth2 page.
* The option 'Save (X-)Face in address book if possible' has been
added to the /Message View/Text Options preferences page.
Previously the (X-)Face would be saved automatically, therefore
this option is turned on by default.
* The Image Viewer has been reworked. New options have been added to
/Message View/Image Viewer: when resizing images, either fit the
image width or fit the image height to the available space.
Fitting the image height is the default. Regardless of this
setting, when displaying images inline they will fit the height.
When displaying an image, left-clicking the image will toggle
between full size and reduced size; right-clicking will toggle
between fitting the height and fitting the width.
* When re-editing a saved message, it is now possible to use
/Options/Remove References.
* It is now possible to attempt to retrieve a missing GPG key via
WKD.
* The man page has been updated.
* Updated translations: Brazilian Portuguese, British English,
Catalan, Czech, Danish, Dutch, French, Polish, Romanian, Russian,
Slovak, Spanish, Traditional Chinese, Turkish.
* bug fixes: claws#2411, claws#4326, claws#4394, claws#4431,
claws#4445, claws#4447, claws#4455, claws#4473
- stop WM's X button from causing GPG key fetch attempt
- Make fancy respect default font size for messageview
- harden link checker before accepting click
- non-display of (X-)Face when prefs_common.enable_avatars
is AVATARS_ENABLE_RENDER (2)
- debian bug #983778, 'Segfault on selecting empty 'X-Face'
custom header'
* It is now possible to 'Inherit Folder properties and processing
rules from parent folder' when creating new folders with the
move message and copy message dialogues.
* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
* The progress window when importing an mbox file is now more
responsive.
* A warning dialogue is shown if the selected privacy system is
'None' and automatic signing amd/or encrypting is enabled.
* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on
newer systems which have both python2 and python3.
Bug fixes:
* bug 3922, 'minimize to tray on startup not working'
* bug 4220, 'generates files in cache without content'
* bug 4325, 'Following redirects when retrieving image'
* bug 4342, 'Import mbox file command doesn't work twice on a row'
* fix STARTTLS protocol violation CVE-2020-15917 boo#1174457)
* fix initial debug line
* fix fat-fingered crash when v (hiding msgview) is pressed
just before c (check signature)
* fix non-translation of some Templates strings
Patchnames
openSUSE-2021-1045
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for claws-mail", title: "Title of the patch", }, { category: "description", text: "This update for claws-mail fixes the following issues:\n\nUpdate to 3.18.0\n\n * Support for the OAuth2 authorisation protocol has been added for\n IMAP, POP and SMTP using custom, user-generated client IDs.\n OAuth2 preferences are found in the Account Preferences on the\n Receive page (for POP: Authenticate before POP connection, for\n IMAP: Authentication method); the Send page (SMTP authentication:\n Authentication method); and on a dedicated OAuth2 page.\n * The option 'Save (X-)Face in address book if possible' has been\n added to the /Message View/Text Options preferences page.\n Previously the (X-)Face would be saved automatically, therefore\n this option is turned on by default.\n * The Image Viewer has been reworked. New options have been added to\n /Message View/Image Viewer: when resizing images, either fit the\n image width or fit the image height to the available space.\n Fitting the image height is the default. Regardless of this\n setting, when displaying images inline they will fit the height.\n When displaying an image, left-clicking the image will toggle\n between full size and reduced size; right-clicking will toggle\n between fitting the height and fitting the width.\n * When re-editing a saved message, it is now possible to use\n /Options/Remove References.\n * It is now possible to attempt to retrieve a missing GPG key via\n WKD.\n * The man page has been updated.\n * Updated translations: Brazilian Portuguese, British English,\n Catalan, Czech, Danish, Dutch, French, Polish, Romanian, Russian,\n Slovak, Spanish, Traditional Chinese, Turkish.\n * bug fixes: claws#2411, claws#4326, claws#4394, claws#4431,\n claws#4445, claws#4447, claws#4455, claws#4473\n - stop WM's X button from causing GPG key fetch attempt\n - Make fancy respect default font size for messageview\n - harden link checker before accepting click\n - non-display of (X-)Face when prefs_common.enable_avatars\n is AVATARS_ENABLE_RENDER (2)\n - debian bug #983778, 'Segfault on selecting empty 'X-Face'\n custom header'\n\n * It is now possible to 'Inherit Folder properties and processing\n rules from parent folder' when creating new folders with the\n move message and copy message dialogues.\n * A Phishing warning is now shown when copying a phishing URL, (in\n addition to clicking a phishing URL).\n * The progress window when importing an mbox file is now more\n responsive.\n * A warning dialogue is shown if the selected privacy system is\n 'None' and automatic signing amd/or encrypting is enabled.\n * Python plugin: pkgconfig is now used to check for python2. This\n enables the Python plugin (which uses python2) to be built on\n newer systems which have both python2 and python3.\n\n Bug fixes:\n\n * bug 3922, 'minimize to tray on startup not working'\n * bug 4220, 'generates files in cache without content'\n * bug 4325, 'Following redirects when retrieving image'\n * bug 4342, 'Import mbox file command doesn't work twice on a row'\n * fix STARTTLS protocol violation CVE-2020-15917 boo#1174457)\n * fix initial debug line\n * fix fat-fingered crash when v (hiding msgview) is pressed\n just before c (check signature)\n * fix non-translation of some Templates strings\n\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-1045", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1045-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:1045-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VE6WDEXX6HETWFB6EGOWAEY6QQSAI6E/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:1045-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VE6WDEXX6HETWFB6EGOWAEY6QQSAI6E/", }, { category: "self", summary: "SUSE Bug 1174457", url: "https://bugzilla.suse.com/1174457", }, { category: "self", summary: "SUSE CVE CVE-2020-15917 page", url: "https://www.suse.com/security/cve/CVE-2020-15917/", }, ], title: "Security update for claws-mail", tracking: { current_release_date: "2021-07-15T22:06:35Z", generator: { date: "2021-07-15T22:06:35Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:1045-1", initial_release_date: "2021-07-15T22:06:35Z", revision_history: [ { date: "2021-07-15T22:06:35Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "claws-mail-3.18.0-bp153.2.3.1.aarch64", product: { name: "claws-mail-3.18.0-bp153.2.3.1.aarch64", product_id: "claws-mail-3.18.0-bp153.2.3.1.aarch64", }, }, { category: "product_version", name: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", product: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", product_id: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch", product: { name: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch", product_id: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "claws-mail-3.18.0-bp153.2.3.1.ppc64le", product: { name: "claws-mail-3.18.0-bp153.2.3.1.ppc64le", product_id: "claws-mail-3.18.0-bp153.2.3.1.ppc64le", }, }, { category: "product_version", name: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", product: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", product_id: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "claws-mail-3.18.0-bp153.2.3.1.s390x", product: { name: "claws-mail-3.18.0-bp153.2.3.1.s390x", product_id: "claws-mail-3.18.0-bp153.2.3.1.s390x", }, }, { category: "product_version", name: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x", product: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x", product_id: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "claws-mail-3.18.0-bp153.2.3.1.x86_64", product: { name: "claws-mail-3.18.0-bp153.2.3.1.x86_64", product_id: "claws-mail-3.18.0-bp153.2.3.1.x86_64", }, }, { category: "product_version", name: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", product: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", product_id: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP2", product: { name: "SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2", }, }, { category: "product_name", name: "SUSE Package Hub 15 SP3", product: { name: "SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3", }, }, { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", }, product_reference: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", }, product_reference: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", }, product_reference: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", }, product_reference: "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", }, product_reference: "claws-mail-lang-3.18.0-bp153.2.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2020-15917", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15917", }, ], notes: [ { category: "general", text: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-15917", url: "https://www.suse.com/security/cve/CVE-2020-15917", }, { category: "external", summary: "SUSE Bug 1174457 for CVE-2020-15917", url: "https://bugzilla.suse.com/1174457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x", "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64", "openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-07-15T22:06:35Z", details: "critical", }, ], title: "CVE-2020-15917", }, ], }
opensuse-su-2020:1116-1
Vulnerability from csaf_opensuse
Published
2020-07-31 14:30
Modified
2020-07-31 14:30
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).
Patchnames
openSUSE-2020-1116
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for claws-mail", title: "Title of the patch", }, { category: "description", text: "This update for claws-mail fixes the following issues:\n\n- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-1116", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1116-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:1116-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BZEDQ22SMIT6BH5HL2OGDYUWITQ5N5OY/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:1116-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BZEDQ22SMIT6BH5HL2OGDYUWITQ5N5OY/", }, { category: "self", summary: "SUSE Bug 1174457", url: "https://bugzilla.suse.com/1174457", }, { category: "self", summary: "SUSE CVE CVE-2020-15917 page", url: "https://www.suse.com/security/cve/CVE-2020-15917/", }, ], title: "Security update for claws-mail", tracking: { current_release_date: "2020-07-31T14:30:02Z", generator: { date: "2020-07-31T14:30:02Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:1116-1", initial_release_date: "2020-07-31T14:30:02Z", revision_history: [ { date: "2020-07-31T14:30:02Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "claws-mail-lang-3.17.3-lp151.2.3.1.noarch", product: { name: "claws-mail-lang-3.17.3-lp151.2.3.1.noarch", product_id: "claws-mail-lang-3.17.3-lp151.2.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.3-lp151.2.3.1.x86_64", product: { name: "claws-mail-3.17.3-lp151.2.3.1.x86_64", product_id: "claws-mail-3.17.3-lp151.2.3.1.x86_64", }, }, { category: "product_version", name: "claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", product: { name: "claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", product_id: "claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.3-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-3.17.3-lp151.2.3.1.x86_64", }, product_reference: "claws-mail-3.17.3-lp151.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.3-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", }, product_reference: "claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.3-lp151.2.3.1.noarch as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-lang-3.17.3-lp151.2.3.1.noarch", }, product_reference: "claws-mail-lang-3.17.3-lp151.2.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-15917", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15917", }, ], notes: [ { category: "general", text: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:claws-mail-3.17.3-lp151.2.3.1.x86_64", "openSUSE Leap 15.1:claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", "openSUSE Leap 15.1:claws-mail-lang-3.17.3-lp151.2.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-15917", url: "https://www.suse.com/security/cve/CVE-2020-15917", }, { category: "external", summary: "SUSE Bug 1174457 for CVE-2020-15917", url: "https://bugzilla.suse.com/1174457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:claws-mail-3.17.3-lp151.2.3.1.x86_64", "openSUSE Leap 15.1:claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", "openSUSE Leap 15.1:claws-mail-lang-3.17.3-lp151.2.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:claws-mail-3.17.3-lp151.2.3.1.x86_64", "openSUSE Leap 15.1:claws-mail-devel-3.17.3-lp151.2.3.1.x86_64", "openSUSE Leap 15.1:claws-mail-lang-3.17.3-lp151.2.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-07-31T14:30:02Z", details: "critical", }, ], title: "CVE-2020-15917", }, ], }
opensuse-su-2020:1192-1
Vulnerability from csaf_opensuse
Published
2020-08-12 10:24
Modified
2020-08-12 10:24
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
- Update to 3.17.6:
* It is now possible to 'Inherit Folder properties and processing
rules from parent folder' when creating new folders with the
move message and copy message dialogues.
* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
* The progress window when importing an mbox file is now more
responsive.
* A warning dialogue is shown if the selected privacy system is
'None' and automatic signing amd/or encrypting is enabled.
* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on
newer systems which have both python2 and python3.
- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patchnames
openSUSE-2020-1192
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for claws-mail", title: "Title of the patch", }, { category: "description", text: "This update for claws-mail fixes the following issues:\n\n- Update to 3.17.6:\n * It is now possible to 'Inherit Folder properties and processing\n rules from parent folder' when creating new folders with the\n move message and copy message dialogues.\n * A Phishing warning is now shown when copying a phishing URL, (in\n addition to clicking a phishing URL).\n * The progress window when importing an mbox file is now more\n responsive.\n * A warning dialogue is shown if the selected privacy system is\n 'None' and automatic signing amd/or encrypting is enabled.\n * Python plugin: pkgconfig is now used to check for python2. This\n enables the Python plugin (which uses python2) to be built on\n newer systems which have both python2 and python3.\n- CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457).\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-1192", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1192-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:1192-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7225RKUAEWWZOB442JKYYX2AXX7OYI6G/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:1192-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7225RKUAEWWZOB442JKYYX2AXX7OYI6G/", }, { category: "self", summary: "SUSE Bug 1174457", url: "https://bugzilla.suse.com/1174457", }, { category: "self", summary: "SUSE CVE CVE-2020-15917 page", url: "https://www.suse.com/security/cve/CVE-2020-15917/", }, ], title: "Security update for claws-mail", tracking: { current_release_date: "2020-08-12T10:24:31Z", generator: { date: "2020-08-12T10:24:31Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:1192-1", initial_release_date: "2020-08-12T10:24:31Z", revision_history: [ { date: "2020-08-12T10:24:31Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "claws-mail-3.17.6-bp152.3.3.1.aarch64", product: { name: "claws-mail-3.17.6-bp152.3.3.1.aarch64", product_id: "claws-mail-3.17.6-bp152.3.3.1.aarch64", }, }, { category: "product_version", name: "claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", product: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", product_id: "claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "claws-mail-lang-3.17.6-bp152.3.3.1.noarch", product: { name: "claws-mail-lang-3.17.6-bp152.3.3.1.noarch", product_id: "claws-mail-lang-3.17.6-bp152.3.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.6-bp152.3.3.1.ppc64le", product: { name: "claws-mail-3.17.6-bp152.3.3.1.ppc64le", product_id: "claws-mail-3.17.6-bp152.3.3.1.ppc64le", }, }, { category: "product_version", name: "claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", product: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", product_id: "claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.6-bp152.3.3.1.s390x", product: { name: "claws-mail-3.17.6-bp152.3.3.1.s390x", product_id: "claws-mail-3.17.6-bp152.3.3.1.s390x", }, }, { category: "product_version", name: "claws-mail-devel-3.17.6-bp152.3.3.1.s390x", product: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.s390x", product_id: "claws-mail-devel-3.17.6-bp152.3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.6-bp152.3.3.1.x86_64", product: { name: "claws-mail-3.17.6-bp152.3.3.1.x86_64", product_id: "claws-mail-3.17.6-bp152.3.3.1.x86_64", }, }, { category: "product_version", name: "claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", product: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", product_id: "claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP2", product: { name: "SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.6-bp152.3.3.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.aarch64", }, product_reference: "claws-mail-3.17.6-bp152.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.6-bp152.3.3.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.ppc64le", }, product_reference: "claws-mail-3.17.6-bp152.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.6-bp152.3.3.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.s390x", }, product_reference: "claws-mail-3.17.6-bp152.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.6-bp152.3.3.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.x86_64", }, product_reference: "claws-mail-3.17.6-bp152.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", }, product_reference: "claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", }, product_reference: "claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.s390x", }, product_reference: "claws-mail-devel-3.17.6-bp152.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.6-bp152.3.3.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", }, product_reference: "claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.6-bp152.3.3.1.noarch as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.6-bp152.3.3.1.noarch", }, product_reference: "claws-mail-lang-3.17.6-bp152.3.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2020-15917", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15917", }, ], notes: [ { category: "general", text: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.6-bp152.3.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-15917", url: "https://www.suse.com/security/cve/CVE-2020-15917", }, { category: "external", summary: "SUSE Bug 1174457 for CVE-2020-15917", url: "https://bugzilla.suse.com/1174457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.6-bp152.3.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.17.6-bp152.3.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.6-bp152.3.3.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.6-bp152.3.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-08-12T10:24:31Z", details: "critical", }, ], title: "CVE-2020-15917", }, ], }
opensuse-su-2020:1822-1
Vulnerability from csaf_opensuse
Published
2020-11-02 23:25
Modified
2020-11-02 23:25
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
- Additional cleanup of the template handling
claws-mail was updated to 3.17.8 (boo#1177967)
* Shielded template's |program{} and |attach_program{} so that the
command-line that is executed does not allow sequencing such as
with && || ;, preventing possible execution of nasty, or at least
unexpected, commands
* bug fixes: claws#4376
* updated English, French, and Spanish manuals
- Update to 3.17.7
* Image Viewer: Image attachments, when displayed, are now resized
to fit the available width rather than the available height.
* -d is now an alias to --debug.
* Libravatar plugin: New styles supported: Robohash and Pagan.
* SpamAssassin plugin: The 'Maximum size' option now matches
SpamAssassin's maximum; it can now handle messages up to 256MB.
* LiteHTML viewer plugin: The UI is now translatable.
Bug fixes:
* bug 4313, 'Recursion stack overflow with rebuilding folder
tree'
* bug 4372, '[pl_PL] Crash after 'Send later' without
recipient and then 'Close''
* bug 4373, 'attach mailto URI double free'
* bug 4374, 'insert mailto URI misses checks'
* bug 4384, 'U+00AD (soft hyphen) changed to space in
Subject'
* bug 4386, 'Allow Sieve config without userid without
warning'
* Add missing SSL settings when cloning accounts.
* Parsing of command-line arguments.
* PGP Core plugin: fix segv in address completion with a
keyring.
* Libravatar plugin: fixes to image display.
- Disable python-gtk plugin on suse_version > 1500: still relying
on python2, which is EOL.
- Update to 3.17.6:
* It is now possible to 'Inherit Folder properties and processing
rules from parent folder' when creating new folders with the
move message and copy message dialogues.
* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
* The progress window when importing an mbox file is now more
responsive.
* A warning dialogue is shown if the selected privacy system is
'None' and automatic signing amd/or encrypting is enabled.
* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on
newer systems which have both python2 and python3.
Bug fixes:
* bug 3922, 'minimize to tray on startup not working'
* bug 4220, 'generates files in cache without content'
* bug 4325, 'Following redirects when retrieving image'
* bug 4342, 'Import mbox file command doesn't work twice on a row'
* fix STARTTLS protocol violation
* fix initial debug line
* fix fat-fingered crash when v (hiding msgview) is pressed
just before c (check signature)
* fix non-translation of some Templates strings
- Update to 3.17.5
+ Inline Git patches now have colour syntax highlighting
The colours of these, and patch attachments, are configurable on
the 'Other' tab of the Display/Colors page of the general
preferences.
+ The previously hidden preference, 'summary_from_show', is now
configurable within the UI, on the 'Message List' tab of the
Display/Summaries page of the general preferences, 'Displayed in
From column [ ]'.
+ 'Re-edit' has been added to the message context menu when in the
Drafts folder.
+ Additional Date header formats are supported:
- weekday, month, day, hh, mm, ss, year, zone
- weekday, month, day, hh, mm, ss, year
+ LiteHtml viewer plugin: scrolling with the keyboard has been
implemented.
+ The included tools/scripts have been updated:
- eud2gc.py converted to Python 3
- tbird2claws.py converted to Python 3
- tbird2claws.py converted to Python 3
- google_search.pl has been replaced with ddg_search.pl (that is,
duckduckgo.com instead of google.com)
- fix_date.sh and its documentation have been updated
- multiwebsearch.pl 'fm' (freshmeat.net) has been removed; 'google'
has been replaced by 'ddg'
- the outdated OOo2claws-mail.pl script has been removed
+ Updated manuals
+ Updated translations: British English, Catalan, Czech, Danish,
Dutch, French, German, Russian, Slovak, Spanish, Swedish,
Traditional Chinese, Turkish
+ bug fixes: claws#2131, claws#4237, claws#4239, claws#4248,
claws#4253, claws#4257, claws#4277, claws#4278, claws#4305
+ Misc bugs fixed:
- Fix crash in litehtml_viewer when tag has no href
- removed 'The following file has been attached...' dialogue
- MBOX import: give a better estimation of the time left and
grey out widgets while importing
- Fixed 'vcard.c:238:2: warning: ‘strncpy’ output truncate
before terminating nul copying as many bytes from a string
as its length'
- RSSyl: Fix handling deleted feed items where modified and
published dates do not match
- fix bolding of target folder
- when creating a new account, don't pre-fill data from the
default account
- respect 'default selection' settings when moving a msg with
manual filtering
- Fix printing of empty pages when the selected part is
rendered with a plugin not implementing print
- Addressbook folder selection dialogs: make sure folder list
is sorted and apply global prefs to get stripes in lists.
- when user cancels the GPG signing passphrase dialogue,
don't bother the user with an 'error' dialogue
- Fix imap keyword search. Libetpan assumes keyword search is
a MUST but RFC states it is a MAY. Fix advanced search on
MS Exchange
- fix SHIFT+SPACE in msg list, moving in reverse
- revert pasting images as attachments
- Fix help about command-line arguments that require a
parameter.
- Printing: only print as plain text if the part is of type
text
- fix a segfault with default info icon when trying to print
a non-text part.
- Add a test on build-time libetpan version to require the proper
version at run-time (boo#1157594)
- Move 'Mark all read/unread' menu entries where they belong.
remove-MarkAll-from-message-menu.patch (claws#4278)
add-MarkAll-to-folder-menu.patch (claws#4278)
- Make litehtml plugin build on Tumbleweed.
- Update to 3.17.4:
* New HTML viewer plugin: Litehtml viewer
* Added option 'Enable keyboard shortcuts' to the 'Keyboard
shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous
* Compose: implemented copying of attached images to clipboard
* Compose: images and text/uri-list (files) can now be attached by
pasting into the Compose window
* Python plugin: window sizes are now remembered for the Python
console, the 'Open URLs' and the 'Set mailbox order' windows.
* Fancy plugin: the download-link feature now follows redirections
* MBOX export: the Enter key in the dialogue now starts the export
* The date (ISO format) has been added to log timestamps
* Update translations
- bug 1920, 'No automatic NNTP filtering'
- bug 2045, 'address book blocks focus on email window'
- bug 2131, 'Focus stealing after mail check'
- bug 2627, 'Filtering does not work on NNTP'
- bug 3070, 'misbehaving text wrapping when URL chars are present'
- bug 3838, 'Canceled right-click on message list leaves UI
in inconsistent state'
- bug 3977, 'Fix crashes when some external APIs fail'
- bug 3979, 'Hang (with killing needed) during action which
extracts attachments'
- bug 4029, 'segfault after deleting message in a window'
- bug 4031, 'fingerprint in SSL/TLS certificates for ...
(regress error)'
- bug 4037, 'Fix some small issues'
- bug 4142, 'Translation error on Russian'
- bug 4145, 'proxy server for sending doesn't work'
- bug 4155, 'remember directory of last saving'
- bug 4166, 'corrupted double-linked list'
- bug 4167, 'Max line length exceeded when forwarding mail'
- bug 4188, 'STL file is sent not as an attachment but as its
base64 representation in plaintext'
- CID 1442278, 'impossible to trigger buffer overflow'
- Make key accelerators from menu work in addressbook window
- save checkbox choices of display/summaries/defaults prefs
- Do not throw an error when cancelling 'Save email as...'.
- occasional crash on drag'n'drop of msgs
- possible stack overflow in vcalendar's Curl data handler
- crash when LDAP address source is defined in index, but
- support is disabled
- crash in Fancy plugin if one of the MIME parts has no
- -ID
- a few small memory leaks in scan_mailto_url()
- configure script for rare cases where python is not
installed
- incorrect charset conversion in sc_html_read_line().
- markup in 'key not fully trusted' warning in pgpcore
- use after free in rare code path in rssyl_subscribe()
- several memory leaks
- verify_folderlist_xml() for fresh starts
- printf formats for size_t and goffset arguments.
- alertpanel API use in win32 part of mimeview.c
- pid handling in debug output of kill_children_cb()
- incorrect pointer arithmetic in w32_filesel.c
Patchnames
openSUSE-2020-1822
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for claws-mail", title: "Title of the patch", }, { category: "description", text: "This update for claws-mail fixes the following issues:\n\n- Additional cleanup of the template handling\n\nclaws-mail was updated to 3.17.8 (boo#1177967)\n\n * Shielded template's |program{} and |attach_program{} so that the\n command-line that is executed does not allow sequencing such as\n with && || ;, preventing possible execution of nasty, or at least\n unexpected, commands\n * bug fixes: claws#4376\n * updated English, French, and Spanish manuals\n\n- Update to 3.17.7 \n\n * Image Viewer: Image attachments, when displayed, are now resized\n to fit the available width rather than the available height.\n * -d is now an alias to --debug.\n * Libravatar plugin: New styles supported: Robohash and Pagan.\n * SpamAssassin plugin: The 'Maximum size' option now matches\n SpamAssassin's maximum; it can now handle messages up to 256MB.\n * LiteHTML viewer plugin: The UI is now translatable.\n Bug fixes:\n * bug 4313, 'Recursion stack overflow with rebuilding folder\n tree'\n * bug 4372, '[pl_PL] Crash after 'Send later' without\n recipient and then 'Close''\n * bug 4373, 'attach mailto URI double free'\n * bug 4374, 'insert mailto URI misses checks'\n * bug 4384, 'U+00AD (soft hyphen) changed to space in\n Subject'\n * bug 4386, 'Allow Sieve config without userid without\n warning'\n * Add missing SSL settings when cloning accounts.\n * Parsing of command-line arguments.\n * PGP Core plugin: fix segv in address completion with a\n keyring.\n * Libravatar plugin: fixes to image display.\n\n- Disable python-gtk plugin on suse_version > 1500: still relying\n on python2, which is EOL.\n\n- Update to 3.17.6:\n\n * It is now possible to 'Inherit Folder properties and processing\n rules from parent folder' when creating new folders with the\n move message and copy message dialogues.\n * A Phishing warning is now shown when copying a phishing URL, (in\n addition to clicking a phishing URL).\n * The progress window when importing an mbox file is now more\n responsive.\n * A warning dialogue is shown if the selected privacy system is\n 'None' and automatic signing amd/or encrypting is enabled.\n * Python plugin: pkgconfig is now used to check for python2. This\n enables the Python plugin (which uses python2) to be built on\n newer systems which have both python2 and python3.\n Bug fixes:\n * bug 3922, 'minimize to tray on startup not working'\n * bug 4220, 'generates files in cache without content'\n * bug 4325, 'Following redirects when retrieving image'\n * bug 4342, 'Import mbox file command doesn't work twice on a row'\n * fix STARTTLS protocol violation\n * fix initial debug line\n * fix fat-fingered crash when v (hiding msgview) is pressed\n just before c (check signature)\n * fix non-translation of some Templates strings\n\n\n- Update to 3.17.5\n\n + Inline Git patches now have colour syntax highlighting\n The colours of these, and patch attachments, are configurable on\n the 'Other' tab of the Display/Colors page of the general\n preferences.\n + The previously hidden preference, 'summary_from_show', is now\n configurable within the UI, on the 'Message List' tab of the\n Display/Summaries page of the general preferences, 'Displayed in\n From column [ ]'.\n + 'Re-edit' has been added to the message context menu when in the\n Drafts folder.\n + Additional Date header formats are supported:\n - weekday, month, day, hh, mm, ss, year, zone\n - weekday, month, day, hh, mm, ss, year\n + LiteHtml viewer plugin: scrolling with the keyboard has been\n implemented.\n + The included tools/scripts have been updated:\n - eud2gc.py converted to Python 3\n - tbird2claws.py converted to Python 3\n - tbird2claws.py converted to Python 3\n - google_search.pl has been replaced with ddg_search.pl (that is,\n duckduckgo.com instead of google.com)\n - fix_date.sh and its documentation have been updated \n - multiwebsearch.pl 'fm' (freshmeat.net) has been removed; 'google'\n has been replaced by 'ddg'\n - the outdated OOo2claws-mail.pl script has been removed\n + Updated manuals\n + Updated translations: British English, Catalan, Czech, Danish,\n Dutch, French, German, Russian, Slovak, Spanish, Swedish,\n Traditional Chinese, Turkish\n + bug fixes: claws#2131, claws#4237, claws#4239, claws#4248, \n claws#4253, claws#4257, claws#4277, claws#4278, claws#4305\n + Misc bugs fixed:\n - Fix crash in litehtml_viewer when tag has no href\n - removed 'The following file has been attached...' dialogue\n - MBOX import: give a better estimation of the time left and\n grey out widgets while importing\n - Fixed 'vcard.c:238:2: warning: ‘strncpy’ output truncate \n before terminating nul copying as many bytes from a string\n as its length'\n - RSSyl: Fix handling deleted feed items where modified and\n published dates do not match \n - fix bolding of target folder\n - when creating a new account, don't pre-fill data from the\n default account\n - respect 'default selection' settings when moving a msg with\n manual filtering\n - Fix printing of empty pages when the selected part is\n rendered with a plugin not implementing print\n - Addressbook folder selection dialogs: make sure folder list\n is sorted and apply global prefs to get stripes in lists.\n - when user cancels the GPG signing passphrase dialogue,\n don't bother the user with an 'error' dialogue\n - Fix imap keyword search. Libetpan assumes keyword search is\n a MUST but RFC states it is a MAY. Fix advanced search on\n MS Exchange\n - fix SHIFT+SPACE in msg list, moving in reverse\n - revert pasting images as attachments\n - Fix help about command-line arguments that require a\n parameter.\n - Printing: only print as plain text if the part is of type\n text\n - fix a segfault with default info icon when trying to print\n a non-text part.\n\n- Add a test on build-time libetpan version to require the proper\n version at run-time (boo#1157594)\n\n- Move 'Mark all read/unread' menu entries where they belong.\n remove-MarkAll-from-message-menu.patch (claws#4278)\n add-MarkAll-to-folder-menu.patch (claws#4278)\n\n- Make litehtml plugin build on Tumbleweed.\n\n- Update to 3.17.4:\n\n * New HTML viewer plugin: Litehtml viewer\n * Added option 'Enable keyboard shortcuts' to the 'Keyboard\n shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous\n * Compose: implemented copying of attached images to clipboard\n * Compose: images and text/uri-list (files) can now be attached by\n pasting into the Compose window\n * Python plugin: window sizes are now remembered for the Python\n console, the 'Open URLs' and the 'Set mailbox order' windows.\n * Fancy plugin: the download-link feature now follows redirections\n * MBOX export: the Enter key in the dialogue now starts the export\n * The date (ISO format) has been added to log timestamps\n * Update translations\n - bug 1920, 'No automatic NNTP filtering'\n - bug 2045, 'address book blocks focus on email window'\n - bug 2131, 'Focus stealing after mail check'\n - bug 2627, 'Filtering does not work on NNTP'\n - bug 3070, 'misbehaving text wrapping when URL chars are present'\n - bug 3838, 'Canceled right-click on message list leaves UI\n in inconsistent state'\n - bug 3977, 'Fix crashes when some external APIs fail'\n - bug 3979, 'Hang (with killing needed) during action which\n extracts attachments'\n - bug 4029, 'segfault after deleting message in a window'\n - bug 4031, 'fingerprint in SSL/TLS certificates for ...\n (regress error)'\n - bug 4037, 'Fix some small issues'\n - bug 4142, 'Translation error on Russian'\n - bug 4145, 'proxy server for sending doesn't work'\n - bug 4155, 'remember directory of last saving'\n - bug 4166, 'corrupted double-linked list'\n - bug 4167, 'Max line length exceeded when forwarding mail'\n - bug 4188, 'STL file is sent not as an attachment but as its\n base64 representation in plaintext'\n - CID 1442278, 'impossible to trigger buffer overflow'\n - Make key accelerators from menu work in addressbook window\n - save checkbox choices of display/summaries/defaults prefs\n - Do not throw an error when cancelling 'Save email as...'.\n - occasional crash on drag'n'drop of msgs\n - possible stack overflow in vcalendar's Curl data handler\n - crash when LDAP address source is defined in index, but\n - support is disabled\n - crash in Fancy plugin if one of the MIME parts has no\n - -ID\n - a few small memory leaks in scan_mailto_url()\n - configure script for rare cases where python is not\n installed\n - incorrect charset conversion in sc_html_read_line().\n - markup in 'key not fully trusted' warning in pgpcore\n - use after free in rare code path in rssyl_subscribe()\n - several memory leaks\n - verify_folderlist_xml() for fresh starts\n - printf formats for size_t and goffset arguments.\n - alertpanel API use in win32 part of mimeview.c\n - pid handling in debug output of kill_children_cb()\n - incorrect pointer arithmetic in w32_filesel.c\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2020-1822", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1822-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2020:1822-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJZJ7GCA3H35VDJV4TSCXVOQHIMHDZYO/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2020:1822-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJZJ7GCA3H35VDJV4TSCXVOQHIMHDZYO/", }, { category: "self", summary: "SUSE Bug 1157594", url: "https://bugzilla.suse.com/1157594", }, { category: "self", summary: "SUSE Bug 1177967", url: "https://bugzilla.suse.com/1177967", }, { category: "self", summary: "SUSE CVE CVE-2020-15917 page", url: "https://www.suse.com/security/cve/CVE-2020-15917/", }, ], title: "Security update for claws-mail", tracking: { current_release_date: "2020-11-02T23:25:05Z", generator: { date: "2020-11-02T23:25:05Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2020:1822-1", initial_release_date: "2020-11-02T23:25:05Z", revision_history: [ { date: "2020-11-02T23:25:05Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "claws-mail-3.17.8-bp152.3.6.1.aarch64", product: { name: "claws-mail-3.17.8-bp152.3.6.1.aarch64", product_id: "claws-mail-3.17.8-bp152.3.6.1.aarch64", }, }, { category: "product_version", name: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", product: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", product_id: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch", product: { name: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch", product_id: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.8-bp152.3.6.1.ppc64le", product: { name: "claws-mail-3.17.8-bp152.3.6.1.ppc64le", product_id: "claws-mail-3.17.8-bp152.3.6.1.ppc64le", }, }, { category: "product_version", name: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", product: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", product_id: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.8-bp152.3.6.1.s390x", product: { name: "claws-mail-3.17.8-bp152.3.6.1.s390x", product_id: "claws-mail-3.17.8-bp152.3.6.1.s390x", }, }, { category: "product_version", name: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x", product: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x", product_id: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "claws-mail-3.17.8-bp152.3.6.1.x86_64", product: { name: "claws-mail-3.17.8-bp152.3.6.1.x86_64", product_id: "claws-mail-3.17.8-bp152.3.6.1.x86_64", }, }, { category: "product_version", name: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", product: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", product_id: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP1", product: { name: "SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1", }, }, { category: "product_name", name: "SUSE Package Hub 15 SP2", product: { name: "SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2", }, }, { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", }, product_reference: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", }, product_reference: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", }, product_reference: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.s390x", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", }, product_reference: "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", }, product_reference: "claws-mail-lang-3.17.8-bp152.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2020-15917", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15917", }, ], notes: [ { category: "general", text: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-15917", url: "https://www.suse.com/security/cve/CVE-2020-15917", }, { category: "external", summary: "SUSE Bug 1174457 for CVE-2020-15917", url: "https://bugzilla.suse.com/1174457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x", "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64", "openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-11-02T23:25:05Z", details: "critical", }, ], title: "CVE-2020-15917", }, ], }
opensuse-su-2024:10686-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
claws-mail-4.0.0-2.5 on GA media
Notes
Title of the patch
claws-mail-4.0.0-2.5 on GA media
Description of the patch
These are all security issues fixed in the claws-mail-4.0.0-2.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10686
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "claws-mail-4.0.0-2.5 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the claws-mail-4.0.0-2.5 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10686", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10686-1.json", }, { category: "self", summary: "SUSE CVE CVE-2007-1558 page", url: "https://www.suse.com/security/cve/CVE-2007-1558/", }, { category: "self", summary: "SUSE CVE CVE-2020-15917 page", url: "https://www.suse.com/security/cve/CVE-2020-15917/", }, ], title: "claws-mail-4.0.0-2.5 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10686-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "claws-mail-4.0.0-2.5.aarch64", product: { name: "claws-mail-4.0.0-2.5.aarch64", product_id: "claws-mail-4.0.0-2.5.aarch64", }, }, { category: "product_version", name: "claws-mail-devel-4.0.0-2.5.aarch64", product: { name: "claws-mail-devel-4.0.0-2.5.aarch64", product_id: "claws-mail-devel-4.0.0-2.5.aarch64", }, }, { category: "product_version", name: "claws-mail-lang-4.0.0-2.5.aarch64", product: { name: "claws-mail-lang-4.0.0-2.5.aarch64", product_id: "claws-mail-lang-4.0.0-2.5.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "claws-mail-4.0.0-2.5.ppc64le", product: { name: "claws-mail-4.0.0-2.5.ppc64le", product_id: "claws-mail-4.0.0-2.5.ppc64le", }, }, { category: "product_version", name: "claws-mail-devel-4.0.0-2.5.ppc64le", product: { name: "claws-mail-devel-4.0.0-2.5.ppc64le", product_id: "claws-mail-devel-4.0.0-2.5.ppc64le", }, }, { category: "product_version", name: "claws-mail-lang-4.0.0-2.5.ppc64le", product: { name: "claws-mail-lang-4.0.0-2.5.ppc64le", product_id: "claws-mail-lang-4.0.0-2.5.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "claws-mail-4.0.0-2.5.s390x", product: { name: "claws-mail-4.0.0-2.5.s390x", product_id: "claws-mail-4.0.0-2.5.s390x", }, }, { category: "product_version", name: "claws-mail-devel-4.0.0-2.5.s390x", product: { name: "claws-mail-devel-4.0.0-2.5.s390x", product_id: "claws-mail-devel-4.0.0-2.5.s390x", }, }, { category: "product_version", name: "claws-mail-lang-4.0.0-2.5.s390x", product: { name: "claws-mail-lang-4.0.0-2.5.s390x", product_id: "claws-mail-lang-4.0.0-2.5.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "claws-mail-4.0.0-2.5.x86_64", product: { name: "claws-mail-4.0.0-2.5.x86_64", product_id: "claws-mail-4.0.0-2.5.x86_64", }, }, { category: "product_version", name: "claws-mail-devel-4.0.0-2.5.x86_64", product: { name: "claws-mail-devel-4.0.0-2.5.x86_64", product_id: "claws-mail-devel-4.0.0-2.5.x86_64", }, }, { category: "product_version", name: "claws-mail-lang-4.0.0-2.5.x86_64", product: { name: "claws-mail-lang-4.0.0-2.5.x86_64", product_id: "claws-mail-lang-4.0.0-2.5.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "claws-mail-4.0.0-2.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64", }, product_reference: "claws-mail-4.0.0-2.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-4.0.0-2.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le", }, product_reference: "claws-mail-4.0.0-2.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-4.0.0-2.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x", }, product_reference: "claws-mail-4.0.0-2.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-4.0.0-2.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64", }, product_reference: "claws-mail-4.0.0-2.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-4.0.0-2.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64", }, product_reference: "claws-mail-devel-4.0.0-2.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-4.0.0-2.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le", }, product_reference: "claws-mail-devel-4.0.0-2.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-4.0.0-2.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x", }, product_reference: "claws-mail-devel-4.0.0-2.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-devel-4.0.0-2.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64", }, product_reference: "claws-mail-devel-4.0.0-2.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-4.0.0-2.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64", }, product_reference: "claws-mail-lang-4.0.0-2.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-4.0.0-2.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le", }, product_reference: "claws-mail-lang-4.0.0-2.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-4.0.0-2.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x", }, product_reference: "claws-mail-lang-4.0.0-2.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "claws-mail-lang-4.0.0-2.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64", }, product_reference: "claws-mail-lang-4.0.0-2.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2007-1558", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2007-1558", }, ], notes: [ { category: "general", text: "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2007-1558", url: "https://www.suse.com/security/cve/CVE-2007-1558", }, { category: "external", summary: "SUSE Bug 262450 for CVE-2007-1558", url: "https://bugzilla.suse.com/262450", }, { category: "external", summary: "SUSE Bug 271197 for CVE-2007-1558", url: "https://bugzilla.suse.com/271197", }, { category: "external", summary: "SUSE Bug 279843 for CVE-2007-1558", url: "https://bugzilla.suse.com/279843", }, { category: "external", summary: "SUSE Bug 281321 for CVE-2007-1558", url: "https://bugzilla.suse.com/281321", }, { category: "external", summary: "SUSE Bug 281323 for CVE-2007-1558", url: "https://bugzilla.suse.com/281323", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2007-1558", }, { cve: "CVE-2020-15917", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15917", }, ], notes: [ { category: "general", text: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15917", url: "https://www.suse.com/security/cve/CVE-2020-15917", }, { category: "external", summary: "SUSE Bug 1174457 for CVE-2020-15917", url: "https://bugzilla.suse.com/1174457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x", "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2020-15917", }, ], }
gsd-2020-15917
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
Aliases
Aliases
{ GSD: { alias: "CVE-2020-15917", description: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", id: "GSD-2020-15917", references: [ "https://www.suse.com/security/cve/CVE-2020-15917.html", "https://advisories.mageia.org/CVE-2020-15917.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2020-15917", ], details: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", id: "GSD-2020-15917", modified: "2023-12-13T01:21:43.272269Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15917", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", refsource: "MISC", url: "https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { name: "https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES", refsource: "MISC", url: "https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES", }, { name: "GLSA-202007-56", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-56", }, { name: "openSUSE-SU-2020:1116", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { name: "FEDORA-2020-2def860ce7", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/", }, { name: "FEDORA-2020-fe6c1a9c16", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/", }, { name: "openSUSE-SU-2020:1139", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { name: "openSUSE-SU-2020:1269", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { name: "openSUSE-SU-2020:1192", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { name: "openSUSE-SU-2020:1822", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:claws-mail:claws-mail:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.17.6", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15917", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], }, ], }, references: { reference_data: [ { name: "https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES", refsource: "MISC", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES", }, { name: "https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", refsource: "MISC", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { name: "GLSA-202007-56", refsource: "GENTOO", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-56", }, { name: "openSUSE-SU-2020:1116", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { name: "FEDORA-2020-fe6c1a9c16", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/", }, { name: "FEDORA-2020-2def860ce7", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/", }, { name: "openSUSE-SU-2020:1139", refsource: "SUSE", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { name: "openSUSE-SU-2020:1269", refsource: "SUSE", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { name: "openSUSE-SU-2020:1192", refsource: "SUSE", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { name: "openSUSE-SU-2020:1822", refsource: "SUSE", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, }, }, lastModifiedDate: "2022-11-16T03:52Z", publishedDate: "2020-07-23T19:15Z", }, }, }
fkie_cve-2020-15917
Vulnerability from fkie_nvd
Published
2020-07-23 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| claws-mail | claws-mail | * | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | backports_sle | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:claws-mail:claws-mail:*:*:*:*:*:*:*:*", matchCriteriaId: "C04E05AD-6F5B-4DF8-BD31-E231E0AD45F5", versionEndExcluding: "3.17.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568", vulnerable: true, }, { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", matchCriteriaId: "67E82302-4B77-44F3-97B1-24C18AC4A35D", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.", }, { lang: "es", value: "El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violación de protocolo porque los datos del sufijo después de STARTTLS son manejados inapropiadamente", }, ], id: "CVE-2020-15917", lastModified: "2024-11-21T05:06:26.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-23T19:15:10.137", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, { source: "cve@mitre.org", url: "https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES", }, { source: "cve@mitre.org", url: "https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-56", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=fcc25329049b6f9bd8d890f1197ed61eb12e14d5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YVQB7NRBHO67Q74RS7RZCMW4ENRVBB4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7UX65342HRVDQML4G4GEVEUB764EUM5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-56", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.