A security issue fixed upstream in libetpan has been announced:
The issue is fixed in 1.8.
The message above contains a link to the upstream commit that fixed the issue.
Mageia 5 is also affected.
Fixed in cauldron
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Patched package uploaded for Mageia 5.
Updated libetpan package fixes security vulnerability:
It was discovered that libetpan, a C language mail access and handling library that is used in a number of MUAs, contained a NULL dereference vulnerability in the MIME handling code (CVE-2017-8825)
Updated packages in core/updates_testing:
MGA5-32 on Asus A6000VM Xfce
No installation issues.
Claws mail is dependent on libetpan17.
Opened claw mail and sent message (including an attachment) and with
$ strace -o libetpan17 claws-mail
found in the trace file
open("/lib/libetpan.so.17", O_RDONLY|O_CLOEXEC) = 3
So OK for me.
$ urpmq -i lib64etpan17
The purpose of this mail library is to provide a portable, efficient
framework for different kinds of mail access.
$ urpmq --whatrequires lib64etpan17
I use Claws-mail routinely.
BEFORE the update: ib64etpan17-1.6-1.mga5
AFTER the update: lib64etpan17-1.6-1.1.mga5
$ strace claws-mail 2>&1 | grep libetpan
open("/lib64/libetpan.so.17", O_RDONLY|O_CLOEXEC) = 3
Sent a few messages to myself at 2 addresses, with attachment. All looks OK.
Validating; already advisoried.
advisory MGA5-32-OK =>
advisory MGA5-32-OK MGA5-64-OKKeywords:
An update for this issue has been pushed to the Mageia Updates repository.