opensuse-su-2020:1822-1
Vulnerability from csaf_opensuse
Published
2020-11-02 23:25
Modified
2020-11-02 23:25
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
- Additional cleanup of the template handling
claws-mail was updated to 3.17.8 (boo#1177967)
* Shielded template's |program{} and |attach_program{} so that the
command-line that is executed does not allow sequencing such as
with && || ;, preventing possible execution of nasty, or at least
unexpected, commands
* bug fixes: claws#4376
* updated English, French, and Spanish manuals
- Update to 3.17.7
* Image Viewer: Image attachments, when displayed, are now resized
to fit the available width rather than the available height.
* -d is now an alias to --debug.
* Libravatar plugin: New styles supported: Robohash and Pagan.
* SpamAssassin plugin: The 'Maximum size' option now matches
SpamAssassin's maximum; it can now handle messages up to 256MB.
* LiteHTML viewer plugin: The UI is now translatable.
Bug fixes:
* bug 4313, 'Recursion stack overflow with rebuilding folder
tree'
* bug 4372, '[pl_PL] Crash after 'Send later' without
recipient and then 'Close''
* bug 4373, 'attach mailto URI double free'
* bug 4374, 'insert mailto URI misses checks'
* bug 4384, 'U+00AD (soft hyphen) changed to space in
Subject'
* bug 4386, 'Allow Sieve config without userid without
warning'
* Add missing SSL settings when cloning accounts.
* Parsing of command-line arguments.
* PGP Core plugin: fix segv in address completion with a
keyring.
* Libravatar plugin: fixes to image display.
- Disable python-gtk plugin on suse_version > 1500: still relying
on python2, which is EOL.
- Update to 3.17.6:
* It is now possible to 'Inherit Folder properties and processing
rules from parent folder' when creating new folders with the
move message and copy message dialogues.
* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
* The progress window when importing an mbox file is now more
responsive.
* A warning dialogue is shown if the selected privacy system is
'None' and automatic signing amd/or encrypting is enabled.
* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on
newer systems which have both python2 and python3.
Bug fixes:
* bug 3922, 'minimize to tray on startup not working'
* bug 4220, 'generates files in cache without content'
* bug 4325, 'Following redirects when retrieving image'
* bug 4342, 'Import mbox file command doesn't work twice on a row'
* fix STARTTLS protocol violation
* fix initial debug line
* fix fat-fingered crash when v (hiding msgview) is pressed
just before c (check signature)
* fix non-translation of some Templates strings
- Update to 3.17.5
+ Inline Git patches now have colour syntax highlighting
The colours of these, and patch attachments, are configurable on
the 'Other' tab of the Display/Colors page of the general
preferences.
+ The previously hidden preference, 'summary_from_show', is now
configurable within the UI, on the 'Message List' tab of the
Display/Summaries page of the general preferences, 'Displayed in
From column [ ]'.
+ 'Re-edit' has been added to the message context menu when in the
Drafts folder.
+ Additional Date header formats are supported:
- weekday, month, day, hh, mm, ss, year, zone
- weekday, month, day, hh, mm, ss, year
+ LiteHtml viewer plugin: scrolling with the keyboard has been
implemented.
+ The included tools/scripts have been updated:
- eud2gc.py converted to Python 3
- tbird2claws.py converted to Python 3
- tbird2claws.py converted to Python 3
- google_search.pl has been replaced with ddg_search.pl (that is,
duckduckgo.com instead of google.com)
- fix_date.sh and its documentation have been updated
- multiwebsearch.pl 'fm' (freshmeat.net) has been removed; 'google'
has been replaced by 'ddg'
- the outdated OOo2claws-mail.pl script has been removed
+ Updated manuals
+ Updated translations: British English, Catalan, Czech, Danish,
Dutch, French, German, Russian, Slovak, Spanish, Swedish,
Traditional Chinese, Turkish
+ bug fixes: claws#2131, claws#4237, claws#4239, claws#4248,
claws#4253, claws#4257, claws#4277, claws#4278, claws#4305
+ Misc bugs fixed:
- Fix crash in litehtml_viewer when tag has no href
- removed 'The following file has been attached...' dialogue
- MBOX import: give a better estimation of the time left and
grey out widgets while importing
- Fixed 'vcard.c:238:2: warning: ‘strncpy’ output truncate
before terminating nul copying as many bytes from a string
as its length'
- RSSyl: Fix handling deleted feed items where modified and
published dates do not match
- fix bolding of target folder
- when creating a new account, don't pre-fill data from the
default account
- respect 'default selection' settings when moving a msg with
manual filtering
- Fix printing of empty pages when the selected part is
rendered with a plugin not implementing print
- Addressbook folder selection dialogs: make sure folder list
is sorted and apply global prefs to get stripes in lists.
- when user cancels the GPG signing passphrase dialogue,
don't bother the user with an 'error' dialogue
- Fix imap keyword search. Libetpan assumes keyword search is
a MUST but RFC states it is a MAY. Fix advanced search on
MS Exchange
- fix SHIFT+SPACE in msg list, moving in reverse
- revert pasting images as attachments
- Fix help about command-line arguments that require a
parameter.
- Printing: only print as plain text if the part is of type
text
- fix a segfault with default info icon when trying to print
a non-text part.
- Add a test on build-time libetpan version to require the proper
version at run-time (boo#1157594)
- Move 'Mark all read/unread' menu entries where they belong.
remove-MarkAll-from-message-menu.patch (claws#4278)
add-MarkAll-to-folder-menu.patch (claws#4278)
- Make litehtml plugin build on Tumbleweed.
- Update to 3.17.4:
* New HTML viewer plugin: Litehtml viewer
* Added option 'Enable keyboard shortcuts' to the 'Keyboard
shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous
* Compose: implemented copying of attached images to clipboard
* Compose: images and text/uri-list (files) can now be attached by
pasting into the Compose window
* Python plugin: window sizes are now remembered for the Python
console, the 'Open URLs' and the 'Set mailbox order' windows.
* Fancy plugin: the download-link feature now follows redirections
* MBOX export: the Enter key in the dialogue now starts the export
* The date (ISO format) has been added to log timestamps
* Update translations
- bug 1920, 'No automatic NNTP filtering'
- bug 2045, 'address book blocks focus on email window'
- bug 2131, 'Focus stealing after mail check'
- bug 2627, 'Filtering does not work on NNTP'
- bug 3070, 'misbehaving text wrapping when URL chars are present'
- bug 3838, 'Canceled right-click on message list leaves UI
in inconsistent state'
- bug 3977, 'Fix crashes when some external APIs fail'
- bug 3979, 'Hang (with killing needed) during action which
extracts attachments'
- bug 4029, 'segfault after deleting message in a window'
- bug 4031, 'fingerprint in SSL/TLS certificates for ...
(regress error)'
- bug 4037, 'Fix some small issues'
- bug 4142, 'Translation error on Russian'
- bug 4145, 'proxy server for sending doesn't work'
- bug 4155, 'remember directory of last saving'
- bug 4166, 'corrupted double-linked list'
- bug 4167, 'Max line length exceeded when forwarding mail'
- bug 4188, 'STL file is sent not as an attachment but as its
base64 representation in plaintext'
- CID 1442278, 'impossible to trigger buffer overflow'
- Make key accelerators from menu work in addressbook window
- save checkbox choices of display/summaries/defaults prefs
- Do not throw an error when cancelling 'Save email as...'.
- occasional crash on drag'n'drop of msgs
- possible stack overflow in vcalendar's Curl data handler
- crash when LDAP address source is defined in index, but
- support is disabled
- crash in Fancy plugin if one of the MIME parts has no
- -ID
- a few small memory leaks in scan_mailto_url()
- configure script for rare cases where python is not
installed
- incorrect charset conversion in sc_html_read_line().
- markup in 'key not fully trusted' warning in pgpcore
- use after free in rare code path in rssyl_subscribe()
- several memory leaks
- verify_folderlist_xml() for fresh starts
- printf formats for size_t and goffset arguments.
- alertpanel API use in win32 part of mimeview.c
- pid handling in debug output of kill_children_cb()
- incorrect pointer arithmetic in w32_filesel.c
Patchnames
openSUSE-2020-1822
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for claws-mail",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for claws-mail fixes the following issues:\n\n- Additional cleanup of the template handling\n\nclaws-mail was updated to 3.17.8 (boo#1177967)\n\n * Shielded template\u0027s |program{} and |attach_program{} so that the\n command-line that is executed does not allow sequencing such as\n with \u0026\u0026 || ;, preventing possible execution of nasty, or at least\n unexpected, commands\n * bug fixes: claws#4376\n * updated English, French, and Spanish manuals\n\n- Update to 3.17.7 \n\n * Image Viewer: Image attachments, when displayed, are now resized\n to fit the available width rather than the available height.\n * -d is now an alias to --debug.\n * Libravatar plugin: New styles supported: Robohash and Pagan.\n * SpamAssassin plugin: The \u0027Maximum size\u0027 option now matches\n SpamAssassin\u0027s maximum; it can now handle messages up to 256MB.\n * LiteHTML viewer plugin: The UI is now translatable.\n Bug fixes:\n * bug 4313, \u0027Recursion stack overflow with rebuilding folder\n tree\u0027\n * bug 4372, \u0027[pl_PL] Crash after \u0027Send later\u0027 without\n recipient and then \u0027Close\u0027\u0027\n * bug 4373, \u0027attach mailto URI double free\u0027\n * bug 4374, \u0027insert mailto URI misses checks\u0027\n * bug 4384, \u0027U+00AD (soft hyphen) changed to space in\n Subject\u0027\n * bug 4386, \u0027Allow Sieve config without userid without\n warning\u0027\n * Add missing SSL settings when cloning accounts.\n * Parsing of command-line arguments.\n * PGP Core plugin: fix segv in address completion with a\n keyring.\n * Libravatar plugin: fixes to image display.\n\n- Disable python-gtk plugin on suse_version \u003e 1500: still relying\n on python2, which is EOL.\n\n- Update to 3.17.6:\n\n * It is now possible to \u0027Inherit Folder properties and processing\n rules from parent folder\u0027 when creating new folders with the\n move message and copy message dialogues.\n * A Phishing warning is now shown when copying a phishing URL, (in\n addition to clicking a phishing URL).\n * The progress window when importing an mbox file is now more\n responsive.\n * A warning dialogue is shown if the selected privacy system is\n \u0027None\u0027 and automatic signing amd/or encrypting is enabled.\n * Python plugin: pkgconfig is now used to check for python2. This\n enables the Python plugin (which uses python2) to be built on\n newer systems which have both python2 and python3.\n Bug fixes:\n * bug 3922, \u0027minimize to tray on startup not working\u0027\n * bug 4220, \u0027generates files in cache without content\u0027\n * bug 4325, \u0027Following redirects when retrieving image\u0027\n * bug 4342, \u0027Import mbox file command doesn\u0027t work twice on a row\u0027\n * fix STARTTLS protocol violation\n * fix initial debug line\n * fix fat-fingered crash when v (hiding msgview) is pressed\n just before c (check signature)\n * fix non-translation of some Templates strings\n\n\n- Update to 3.17.5\n\n + Inline Git patches now have colour syntax highlighting\n The colours of these, and patch attachments, are configurable on\n the \u0027Other\u0027 tab of the Display/Colors page of the general\n preferences.\n + The previously hidden preference, \u0027summary_from_show\u0027, is now\n configurable within the UI, on the \u0027Message List\u0027 tab of the\n Display/Summaries page of the general preferences, \u0027Displayed in\n From column [ ]\u0027.\n + \u0027Re-edit\u0027 has been added to the message context menu when in the\n Drafts folder.\n + Additional Date header formats are supported:\n - weekday, month, day, hh, mm, ss, year, zone\n - weekday, month, day, hh, mm, ss, year\n + LiteHtml viewer plugin: scrolling with the keyboard has been\n implemented.\n + The included tools/scripts have been updated:\n - eud2gc.py converted to Python 3\n - tbird2claws.py converted to Python 3\n - tbird2claws.py converted to Python 3\n - google_search.pl has been replaced with ddg_search.pl (that is,\n duckduckgo.com instead of google.com)\n - fix_date.sh and its documentation have been updated \n - multiwebsearch.pl \u0027fm\u0027 (freshmeat.net) has been removed; \u0027google\u0027\n has been replaced by \u0027ddg\u0027\n - the outdated OOo2claws-mail.pl script has been removed\n + Updated manuals\n + Updated translations: British English, Catalan, Czech, Danish,\n Dutch, French, German, Russian, Slovak, Spanish, Swedish,\n Traditional Chinese, Turkish\n + bug fixes: claws#2131, claws#4237, claws#4239, claws#4248, \n claws#4253, claws#4257, claws#4277, claws#4278, claws#4305\n + Misc bugs fixed:\n - Fix crash in litehtml_viewer when tag has no href\n - removed \u0027The following file has been attached...\u0027 dialogue\n - MBOX import: give a better estimation of the time left and\n grey out widgets while importing\n - Fixed \u0027vcard.c:238:2: warning: \u2018strncpy\u2019 output truncate \n before terminating nul copying as many bytes from a string\n as its length\u0027\n - RSSyl: Fix handling deleted feed items where modified and\n published dates do not match \n - fix bolding of target folder\n - when creating a new account, don\u0027t pre-fill data from the\n default account\n - respect \u0027default selection\u0027 settings when moving a msg with\n manual filtering\n - Fix printing of empty pages when the selected part is\n rendered with a plugin not implementing print\n - Addressbook folder selection dialogs: make sure folder list\n is sorted and apply global prefs to get stripes in lists.\n - when user cancels the GPG signing passphrase dialogue,\n don\u0027t bother the user with an \u0027error\u0027 dialogue\n - Fix imap keyword search. Libetpan assumes keyword search is\n a MUST but RFC states it is a MAY. Fix advanced search on\n MS Exchange\n - fix SHIFT+SPACE in msg list, moving in reverse\n - revert pasting images as attachments\n - Fix help about command-line arguments that require a\n parameter.\n - Printing: only print as plain text if the part is of type\n text\n - fix a segfault with default info icon when trying to print\n a non-text part.\n\n- Add a test on build-time libetpan version to require the proper\n version at run-time (boo#1157594)\n\n- Move \u0027Mark all read/unread\u0027 menu entries where they belong.\n remove-MarkAll-from-message-menu.patch (claws#4278)\n add-MarkAll-to-folder-menu.patch (claws#4278)\n\n- Make litehtml plugin build on Tumbleweed.\n\n- Update to 3.17.4:\n\n * New HTML viewer plugin: Litehtml viewer\n * Added option \u0027Enable keyboard shortcuts\u0027 to the \u0027Keyboard\n shortcuts\u0027 frame on /Configuration/Preferences/Other/Miscellaneous\n * Compose: implemented copying of attached images to clipboard\n * Compose: images and text/uri-list (files) can now be attached by\n pasting into the Compose window\n * Python plugin: window sizes are now remembered for the Python\n console, the \u0027Open URLs\u0027 and the \u0027Set mailbox order\u0027 windows.\n * Fancy plugin: the download-link feature now follows redirections\n * MBOX export: the Enter key in the dialogue now starts the export\n * The date (ISO format) has been added to log timestamps\n * Update translations\n - bug 1920, \u0027No automatic NNTP filtering\u0027\n - bug 2045, \u0027address book blocks focus on email window\u0027\n - bug 2131, \u0027Focus stealing after mail check\u0027\n - bug 2627, \u0027Filtering does not work on NNTP\u0027\n - bug 3070, \u0027misbehaving text wrapping when URL chars are present\u0027\n - bug 3838, \u0027Canceled right-click on message list leaves UI\n in inconsistent state\u0027\n - bug 3977, \u0027Fix crashes when some external APIs fail\u0027\n - bug 3979, \u0027Hang (with killing needed) during action which\n extracts attachments\u0027\n - bug 4029, \u0027segfault after deleting message in a window\u0027\n - bug 4031, \u0027fingerprint in SSL/TLS certificates for ...\n (regress error)\u0027\n - bug 4037, \u0027Fix some small issues\u0027\n - bug 4142, \u0027Translation error on Russian\u0027\n - bug 4145, \u0027proxy server for sending doesn\u0027t work\u0027\n - bug 4155, \u0027remember directory of last saving\u0027\n - bug 4166, \u0027corrupted double-linked list\u0027\n - bug 4167, \u0027Max line length exceeded when forwarding mail\u0027\n - bug 4188, \u0027STL file is sent not as an attachment but as its\n base64 representation in plaintext\u0027\n - CID 1442278, \u0027impossible to trigger buffer overflow\u0027\n - Make key accelerators from menu work in addressbook window\n - save checkbox choices of display/summaries/defaults prefs\n - Do not throw an error when cancelling \u0027Save email as...\u0027.\n - occasional crash on drag\u0027n\u0027drop of msgs\n - possible stack overflow in vcalendar\u0027s Curl data handler\n - crash when LDAP address source is defined in index, but\n - support is disabled\n - crash in Fancy plugin if one of the MIME parts has no\n - -ID\n - a few small memory leaks in scan_mailto_url()\n - configure script for rare cases where python is not\n installed\n - incorrect charset conversion in sc_html_read_line().\n - markup in \u0027key not fully trusted\u0027 warning in pgpcore\n - use after free in rare code path in rssyl_subscribe()\n - several memory leaks\n - verify_folderlist_xml() for fresh starts\n - printf formats for size_t and goffset arguments.\n - alertpanel API use in win32 part of mimeview.c\n - pid handling in debug output of kill_children_cb()\n - incorrect pointer arithmetic in w32_filesel.c\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1822",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1822-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1822-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJZJ7GCA3H35VDJV4TSCXVOQHIMHDZYO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1822-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJZJ7GCA3H35VDJV4TSCXVOQHIMHDZYO/"
},
{
"category": "self",
"summary": "SUSE Bug 1157594",
"url": "https://bugzilla.suse.com/1157594"
},
{
"category": "self",
"summary": "SUSE Bug 1177967",
"url": "https://bugzilla.suse.com/1177967"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15917 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15917/"
}
],
"title": "Security update for claws-mail",
"tracking": {
"current_release_date": "2020-11-02T23:25:05Z",
"generator": {
"date": "2020-11-02T23:25:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1822-1",
"initial_release_date": "2020-11-02T23:25:05Z",
"revision_history": [
{
"date": "2020-11-02T23:25:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.17.8-bp152.3.6.1.aarch64",
"product": {
"name": "claws-mail-3.17.8-bp152.3.6.1.aarch64",
"product_id": "claws-mail-3.17.8-bp152.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"product": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"product_id": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"product": {
"name": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"product_id": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"product": {
"name": "claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"product_id": "claws-mail-3.17.8-bp152.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"product": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"product_id": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.17.8-bp152.3.6.1.s390x",
"product": {
"name": "claws-mail-3.17.8-bp152.3.6.1.s390x",
"product_id": "claws-mail-3.17.8-bp152.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"product": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"product_id": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.17.8-bp152.3.6.1.x86_64",
"product": {
"name": "claws-mail-3.17.8-bp152.3.6.1.x86_64",
"product_id": "claws-mail-3.17.8-bp152.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"product": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"product_id": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
},
"product_reference": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
},
"product_reference": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
},
"product_reference": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"
},
"product_reference": "claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
},
"product_reference": "claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15917"
}
],
"notes": [
{
"category": "general",
"text": "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15917",
"url": "https://www.suse.com/security/cve/CVE-2020-15917"
},
{
"category": "external",
"summary": "SUSE Bug 1174457 for CVE-2020-15917",
"url": "https://bugzilla.suse.com/1174457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x",
"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64",
"openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-02T23:25:05Z",
"details": "critical"
}
],
"title": "CVE-2020-15917"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…