| Summary: | claws-mail new security issue CVE-2014-2576 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | jani.valimaa, ottoleipala1, pterjan, rverschelde, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/616167/ | ||
| Whiteboard: | MGA4-64-OK MGA4-32-OK advisory | ||
| Source RPM: | claws-mail-3.9.3-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2014-10-14 23:44:15 CEST
David Walser
2014-10-14 23:44:21 CEST
Whiteboard:
(none) =>
MGA3TOO Pushed 3.11.1 to core/updates_testing for mga4. Please test. Pkgs: claws-mail-3.11.1-1.mga4 claws-mail-tools-3.11.1-1.mga4 claws-mail-devel-3.11.1-1.mga4 claws-mail-plugins-3.11.1-1.mga4 claws-mail-archive-plugin-3.11.1-1.mga4 claws-mail-bogofilter-plugin-3.11.1-1.mga4 claws-mail-gdata-plugin-3.11.1-1.mga4 claws-mail-smime-plugin-3.11.1-1.mga4 claws-mail-pgpcore-plugin-3.11.1-1.mga4 claws-mail-pgpinline-plugin-3.11.1-1.mga4 claws-mail-pgpmime-plugin-3.11.1-1.mga4 claws-mail-spamassassin-plugin-3.11.1-1.mga4 claws-mail-acpi-plugin-3.11.1-1.mga4 claws-mail-att_remover-plugin-3.11.1-1.mga4 claws-mail-bsfilter-plugin-3.11.1-1.mga4 claws-mail-fancy-plugin-3.11.1-1.mga4 claws-mail-fetchinfo-plugin-3.11.1-1.mga4 claws-mail-mailmbox-plugin-3.11.1-1.mga4 claws-mail-newmail-plugin-3.11.1-1.mga4 claws-mail-notification-plugin-3.11.1-1.mga4 claws-mail-perl-plugin-3.11.1-1.mga4 claws-mail-python-plugin-3.11.1-1.mga4 claws-mail-rssyl-plugin-3.11.1-1.mga4 claws-mail-vcalendar-plugin-3.11.1-1.mga4 claws-mail-vcalendar-plugin-devel-3.11.1-1.mga4 claws-mail-attachwarner-plugin-3.11.1-1.mga4 claws-mail-spam_report-plugin-3.11.1-1.mga4 claws-mail-tnef_parse-plugin-3.11.1-1.mga4 claws-mail-address_keeper-plugin-3.11.1-1.mga4 claws-mail-clamd-plugin-3.11.1-1.mga4 claws-mail-pdf_viewer-plugin-3.11.1-1.mga4 claws-mail-libravatar-plugin-3.11.1-1.mga4 P.S. I think I'm not going to touch mga3. Assignee:
jani.valimaa =>
qa-bugs Thanks Jani! Dropping Mageia 3 from the whiteboard as the maintainer has no intention of updating it. Advisory: ---------------------------------------- This update provides claws-mail version 3.11.1, which includes several fixes and improvements related to SSL/TLS, and fixes other bugs as well. See the upstream news for more details. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576 http://www.claws-mail.org/news.php http://sourceforge.net/p/claws-mail/news/ http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html Whiteboard:
MGA3TOO =>
(none)
David Walser
2014-10-31 17:55:46 CET
CC:
(none) =>
jani.valimaa Testing complete Mga4 64&32 validated update. Sysadmins push this updates. Keywords:
(none) =>
validated_update Maybe we should push new libetpan with claws-mail too? David, do you have any thoughts about it? I'm not all that concerned about POODLE issues, but I have no problem with updating libetpan if you want to or think it maybe should be. I don't have strong feelings about it either way. OK, lets push claws-mail without touching libetpan. New libetpan would mean rebuilding claws-mail as lib major was bumped in libetpan 1.5. I'll reconsider pushing libetpan if users reports issues with claws-mail. Was there an error that caused this to not be pushed? CC:
(none) =>
pterjan No advisory on SVN :-) It's now uploaded. CC:
(none) =>
remi An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0449.html Status:
NEW =>
RESOLVED |