Debian-LTS has issued an advisory on August 16: https://www.debian.org/lts/security/2020/dla-2329 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
libetpan has no evident maintainer, so have to assign this globally.
Assignee: bugsquad => pkg-bugs
Fedora has issued an advisory for this on August 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/
Suggested advisory: ======================== The updated packages fix a security vulnerability: LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection". (CVE-2020-15953) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15953 https://www.debian.org/lts/security/2020/dla-2329 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QFBWNA5REI5ZGW2DAOEAVHM23MOU6O5J/ ======================== Updated packages in core/updates_testing: ======================== lib(64)etpan20-1.9.3-1.1.mga7 lib(64)etpan-devel-1.9.3-1.1.mga7 from SRPM: libetpan-1.9.3-1.1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugsSource RPM: libetpan-1.9.4-3.mga8.src.rpm => libetpan-1.9.3-1.mga7.src.rpmStatus: NEW => ASSIGNEDCVE: (none) => CVE-2020-15953Whiteboard: MGA7TOO => (none)CC: (none) => nicolas.salgueroVersion: Cauldron => 7
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 20809, using claws-mail to test. Sending to and receiving mail with and without attachment between hotmail account on this laptop with claws-mail and gmail account on my desktop with thunderbird. All works OK.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => ouaurelienTarget Milestone: --- => Mageia 7Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0366.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED