Bug 29353

Summary: kmail, trojita, sylpheed bugs with STARTTLS with possible security implications
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: RPM Packages
Assignee: KDE maintainers <kde>
Status: NEW ---
QA Contact:
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8TOO
Source RPM: kmail-21.04.1-1.mga9.src.rpm, trojita-0.7-8.git20200625.2.mga8.src.rpm, sylpheed-3.7.0-4.mga8.src.rpm
CVE:
Status comment:

Description David Walser 2021-08-10 16:41:04 CEST
This writeup explains several issues with STARTTLS implementations in e-mail servers and clients:
https://nostarttls.secvuln.info/

We already have bugs filed for the CVEs listed there, and have fixed most of them.  There are also the following bug reports, which we should make sure we have fixes for (when they are available):

trojita
https://bugs.kde.org/show_bug.cgi?id=432353
https://bugs.kde.org/show_bug.cgi?id=416942
https://bugs.kde.org/show_bug.cgi?id=432354

kmail
https://bugs.kde.org/show_bug.cgi?id=423423
https://bugs.kde.org/show_bug.cgi?id=423426
https://bugs.kde.org/show_bug.cgi?id=423424

sylpheed
https://sylpheed.sraoss.jp/redmine/issues/322

David Walser 2021-08-10 16:41:39 CEST

Assignee: bugsquad => kde
Whiteboard: (none) => MGA8TOO