29353 – kmail, trojita, sylpheed bugs with STARTTLS with possible security implications

Bug 29353 - kmail, trojita, sylpheed bugs with STARTTLS with possible security implications

Summary: kmail, trojita, sylpheed bugs with STARTTLS with possible security implications

Status:	NEW

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	KDE maintainers
QA Contact:

URL:
Whiteboard:	MGA8TOO
Keywords:

Depends on:
Blocks:

Reported:	2021-08-10 16:41 CEST by David Walser
Modified:	2021-08-10 16:41 CEST (History)
CC List:	0 users

See Also:
Source RPM:	kmail-21.04.1-1.mga9.src.rpm, trojita-0.7-8.git20200625.2.mga8.src.rpm, sylpheed-3.7.0-4.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-08-10 16:41:04 CEST

This writeup explains several issues with STARTTLS implementations in e-mail servers and clients:
https://nostarttls.secvuln.info/

We already have bugs filed for the CVEs listed there, and have fixed most of them.  There are also the following bug reports, which we should make sure we have fixes for (when they are available):

trojita
https://bugs.kde.org/show_bug.cgi?id=432353
https://bugs.kde.org/show_bug.cgi?id=416942
https://bugs.kde.org/show_bug.cgi?id=432354

kmail
https://bugs.kde.org/show_bug.cgi?id=423423
https://bugs.kde.org/show_bug.cgi?id=423426
https://bugs.kde.org/show_bug.cgi?id=423424

sylpheed
https://sylpheed.sraoss.jp/redmine/issues/322

David Walser 2021-08-10 16:41:39 CEST

Assignee: bugsquad => kde
Whiteboard: (none) => MGA8TOO

Note You need to log in before you can comment on or make changes to this bug.