Bug 29668

Summary: ksmtp, kmail, kimap, kdepim-runtime new TLS-related security issues (including CVE-2020-15954)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: KDE maintainers <kde>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ksmtp-21.04.1-1.mga9.src.rpm, kmail-21.04.1-1.mga9.src.rpm, kimap-21.04.1-1.mga9.src.rpm, kdepim-runtime-21.04.1-1.mga9.src.rpm CVE:
Status comment: Patches available from upstream

Description David Walser 2021-11-18 21:29:36 CET 
KDE has issued advisories today (November 18):
https://kde.org/info/security/advisory-20211118-1.txt
https://kde.org/info/security/advisory-20211118-2.txt

The advisories contain links to upstream commits to fix the issues.

Mageia 8 is also affected.
David Walser 2021-11-18 21:29:48 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patches available from upstream

Comment 1 Nicolas Lécureuil 2021-12-29 09:37:33 CET 
fixed in cauldron ( with kde application 21.12.0 )

CC: (none) => mageia
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 2 David Walser 2021-12-29 18:23:37 CET 
The upstream commits to fix these issues are recent (within the last few months).  These packages haven't been updated in Cauldron since May.

Version: 8 => Cauldron
Whiteboard: (none) => MGA8TOO

Comment 3 Nicolas Lécureuil 2022-01-03 10:13:37 CET 
sorry it was in progress :-)

now we have kde application 21.12.0 in Cauldron.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 4 Nicolas Salguero 2024-01-12 09:32:24 CET 
Mageia 8 EOL

Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Resolution: (none) => OLD