Claws Mail 3.17.8 has been released on October 19: https://claws-mail.org/news.php The first bug fix listed sounds like a security issue: * Shielded template's |program{} and |attach_program{} so that the command-line that is executed does not allow sequencing such as with && || ;, preventing possible execution of nasty, or at least unexpected, commands
Pushed 3.17.8 to core/updates for mga7. Please test. SRPMS: claws-mail-3.17.8-1.mga7 RPMS: claws-mail-3.17.8-1.mga7 claws-mail-tools-3.17.8-1.mga7 claws-mail-devel-3.17.8-1.mga7 claws-mail-plugins-3.17.8-1.mga7 claws-mail-acpi-plugin-3.17.8-1.mga7 claws-mail-address_keeper-plugin-3.17.8-1.mga7 claws-mail-archive-plugin-3.17.8-1.mga7 claws-mail-att_remover-plugin-3.17.8-1.mga7 claws-mail-attachwarner-plugin-3.17.8-1.mga7 claws-mail-bogofilter-plugin-3.17.8-1.mga7 claws-mail-bsfilter-plugin-3.17.8-1.mga7 claws-mail-clamd-plugin-3.17.8-1.mga7 claws-mail-dillo-plugin-3.17.8-1.mga7 claws-mail-fetchinfo-plugin-3.17.8-1.mga7 claws-mail-gdata-plugin-3.17.8-1.mga7 claws-mail-libravatar-plugin-3.17.8-1.mga7 claws-mail-litehtml_viewer-plugin-3.17.8-1.mga7 claws-mail-mailmbox-plugin-3.17.8-1.mga7 claws-mail-managesieve-plugin-3.17.8-1.mga7 claws-mail-newmail-plugin-3.17.8-1.mga7 claws-mail-notification-plugin-3.17.8-1.mga7 claws-mail-pdf_viewer-plugin-3.17.8-1.mga7 claws-mail-perl-plugin-3.17.8-1.mga7 claws-mail-pgpcore-plugin-3.17.8-1.mga7 claws-mail-pgpinline-plugin-3.17.8-1.mga7 claws-mail-pgpmime-plugin-3.17.8-1.mga7 claws-mail-python-plugin-3.17.8-1.mga7 claws-mail-rssyl-plugin-3.17.8-1.mga7 claws-mail-smime-plugin-3.17.8-1.mga7 claws-mail-spamassassin-plugin-3.17.8-1.mga7 claws-mail-spam_report-plugin-3.17.8-1.mga7 claws-mail-vcalendar-plugin-3.17.8-1.mga7
Assignee: julien.moragny => qa-bugs
Packages in core/updates_testing Testing under M7 MATE and XFCE x86_64. 3.17.8-1.mga7 installs OK. Compose mail, send and receive is OK under SSL/IMAP, POP, IMAP and SSL/SMTP and SMTP. Seems OK. Recently tested. Advisory pushed to SVN. Advisory: ---------------------------------------------------------------------- Updated claws-mail packages fix a security vulnerability description: Shielded template's |program{} and |attach_program{} so that the command-line that is executed does not allow sequencing such as with && || ;, preventing possible execution of nasty, or at least unexpected, commands. (No CVE). references: - https://claws-mail.org/news.php SRPM: claws-mail-3.17.8-1.mga7 ----------------------------------------------------------------------
CC: (none) => ouaurelien, sysadmin-bugsKeywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA7-64-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0394.html
Status: NEW => RESOLVEDResolution: (none) => FIXED