OpenSuSE has issued an advisory today (October 14): http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html The rssyl plugin doesn't support verifying TLS certificates. This is fixed upstream in 3.10.1 (which we have in Cauldron). It's a pretty minor issue, so I'll leave it to Jani to decide if we should update this for stable. Mageia 3 is also affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Pushed 3.11.1 to core/updates_testing for mga4. Please test. Pkgs: claws-mail-3.11.1-1.mga4 claws-mail-tools-3.11.1-1.mga4 claws-mail-devel-3.11.1-1.mga4 claws-mail-plugins-3.11.1-1.mga4 claws-mail-archive-plugin-3.11.1-1.mga4 claws-mail-bogofilter-plugin-3.11.1-1.mga4 claws-mail-gdata-plugin-3.11.1-1.mga4 claws-mail-smime-plugin-3.11.1-1.mga4 claws-mail-pgpcore-plugin-3.11.1-1.mga4 claws-mail-pgpinline-plugin-3.11.1-1.mga4 claws-mail-pgpmime-plugin-3.11.1-1.mga4 claws-mail-spamassassin-plugin-3.11.1-1.mga4 claws-mail-acpi-plugin-3.11.1-1.mga4 claws-mail-att_remover-plugin-3.11.1-1.mga4 claws-mail-bsfilter-plugin-3.11.1-1.mga4 claws-mail-fancy-plugin-3.11.1-1.mga4 claws-mail-fetchinfo-plugin-3.11.1-1.mga4 claws-mail-mailmbox-plugin-3.11.1-1.mga4 claws-mail-newmail-plugin-3.11.1-1.mga4 claws-mail-notification-plugin-3.11.1-1.mga4 claws-mail-perl-plugin-3.11.1-1.mga4 claws-mail-python-plugin-3.11.1-1.mga4 claws-mail-rssyl-plugin-3.11.1-1.mga4 claws-mail-vcalendar-plugin-3.11.1-1.mga4 claws-mail-vcalendar-plugin-devel-3.11.1-1.mga4 claws-mail-attachwarner-plugin-3.11.1-1.mga4 claws-mail-spam_report-plugin-3.11.1-1.mga4 claws-mail-tnef_parse-plugin-3.11.1-1.mga4 claws-mail-address_keeper-plugin-3.11.1-1.mga4 claws-mail-clamd-plugin-3.11.1-1.mga4 claws-mail-pdf_viewer-plugin-3.11.1-1.mga4 claws-mail-libravatar-plugin-3.11.1-1.mga4 P.S. I think I'm not going to touch mga3.
Assignee: jani.valimaa => qa-bugs
Thanks Jani! Dropping Mageia 3 from the whiteboard as the maintainer has no intention of updating it. Advisory: ---------------------------------------- This update provides claws-mail version 3.11.1, which includes several fixes and improvements related to SSL/TLS, and fixes other bugs as well. See the upstream news for more details. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576 http://www.claws-mail.org/news.php http://sourceforge.net/p/claws-mail/news/ http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html
Whiteboard: MGA3TOO => (none)
CC: (none) => jani.valimaa
Testing complete Mga4 64&32 validated update. Sysadmins push this updates.
Keywords: (none) => validated_updateCC: (none) => ozkyster, sysadmin-bugsWhiteboard: (none) => MGA4-64-OK MGA4-32-OK
Maybe we should push new libetpan with claws-mail too? David, do you have any thoughts about it?
I'm not all that concerned about POODLE issues, but I have no problem with updating libetpan if you want to or think it maybe should be. I don't have strong feelings about it either way.
OK, lets push claws-mail without touching libetpan. New libetpan would mean rebuilding claws-mail as lib major was bumped in libetpan 1.5. I'll reconsider pushing libetpan if users reports issues with claws-mail.
Was there an error that caused this to not be pushed?
CC: (none) => pterjan
No advisory on SVN :-) It's now uploaded.
CC: (none) => remiWhiteboard: MGA4-64-OK MGA4-32-OK => MGA4-64-OK MGA4-32-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0449.html
Status: NEW => RESOLVEDResolution: (none) => FIXED