opensuse-su-2021:1045-1
Vulnerability from csaf_opensuse
Published
2021-07-15 22:06
Modified
2021-07-15 22:06
Summary
Security update for claws-mail
Notes
Title of the patch
Security update for claws-mail
Description of the patch
This update for claws-mail fixes the following issues:
Update to 3.18.0
* Support for the OAuth2 authorisation protocol has been added for
IMAP, POP and SMTP using custom, user-generated client IDs.
OAuth2 preferences are found in the Account Preferences on the
Receive page (for POP: Authenticate before POP connection, for
IMAP: Authentication method); the Send page (SMTP authentication:
Authentication method); and on a dedicated OAuth2 page.
* The option 'Save (X-)Face in address book if possible' has been
added to the /Message View/Text Options preferences page.
Previously the (X-)Face would be saved automatically, therefore
this option is turned on by default.
* The Image Viewer has been reworked. New options have been added to
/Message View/Image Viewer: when resizing images, either fit the
image width or fit the image height to the available space.
Fitting the image height is the default. Regardless of this
setting, when displaying images inline they will fit the height.
When displaying an image, left-clicking the image will toggle
between full size and reduced size; right-clicking will toggle
between fitting the height and fitting the width.
* When re-editing a saved message, it is now possible to use
/Options/Remove References.
* It is now possible to attempt to retrieve a missing GPG key via
WKD.
* The man page has been updated.
* Updated translations: Brazilian Portuguese, British English,
Catalan, Czech, Danish, Dutch, French, Polish, Romanian, Russian,
Slovak, Spanish, Traditional Chinese, Turkish.
* bug fixes: claws#2411, claws#4326, claws#4394, claws#4431,
claws#4445, claws#4447, claws#4455, claws#4473
- stop WM's X button from causing GPG key fetch attempt
- Make fancy respect default font size for messageview
- harden link checker before accepting click
- non-display of (X-)Face when prefs_common.enable_avatars
is AVATARS_ENABLE_RENDER (2)
- debian bug #983778, 'Segfault on selecting empty 'X-Face'
custom header'
* It is now possible to 'Inherit Folder properties and processing
rules from parent folder' when creating new folders with the
move message and copy message dialogues.
* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).
* The progress window when importing an mbox file is now more
responsive.
* A warning dialogue is shown if the selected privacy system is
'None' and automatic signing amd/or encrypting is enabled.
* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on
newer systems which have both python2 and python3.
Bug fixes:
* bug 3922, 'minimize to tray on startup not working'
* bug 4220, 'generates files in cache without content'
* bug 4325, 'Following redirects when retrieving image'
* bug 4342, 'Import mbox file command doesn't work twice on a row'
* fix STARTTLS protocol violation CVE-2020-15917 boo#1174457)
* fix initial debug line
* fix fat-fingered crash when v (hiding msgview) is pressed
just before c (check signature)
* fix non-translation of some Templates strings
Patchnames
openSUSE-2021-1045
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for claws-mail",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for claws-mail fixes the following issues:\n\nUpdate to 3.18.0\n\n * Support for the OAuth2 authorisation protocol has been added for\n IMAP, POP and SMTP using custom, user-generated client IDs.\n OAuth2 preferences are found in the Account Preferences on the\n Receive page (for POP: Authenticate before POP connection, for\n IMAP: Authentication method); the Send page (SMTP authentication:\n Authentication method); and on a dedicated OAuth2 page.\n * The option \u0027Save (X-)Face in address book if possible\u0027 has been\n added to the /Message View/Text Options preferences page.\n Previously the (X-)Face would be saved automatically, therefore\n this option is turned on by default.\n * The Image Viewer has been reworked. New options have been added to\n /Message View/Image Viewer: when resizing images, either fit the\n image width or fit the image height to the available space.\n Fitting the image height is the default. Regardless of this\n setting, when displaying images inline they will fit the height.\n When displaying an image, left-clicking the image will toggle\n between full size and reduced size; right-clicking will toggle\n between fitting the height and fitting the width.\n * When re-editing a saved message, it is now possible to use\n /Options/Remove References.\n * It is now possible to attempt to retrieve a missing GPG key via\n WKD.\n * The man page has been updated.\n * Updated translations: Brazilian Portuguese, British English,\n Catalan, Czech, Danish, Dutch, French, Polish, Romanian, Russian,\n Slovak, Spanish, Traditional Chinese, Turkish.\n * bug fixes: claws#2411, claws#4326, claws#4394, claws#4431,\n claws#4445, claws#4447, claws#4455, claws#4473\n - stop WM\u0027s X button from causing GPG key fetch attempt\n - Make fancy respect default font size for messageview\n - harden link checker before accepting click\n - non-display of (X-)Face when prefs_common.enable_avatars\n is AVATARS_ENABLE_RENDER (2)\n - debian bug #983778, \u0027Segfault on selecting empty \u0027X-Face\u0027\n custom header\u0027\n\n * It is now possible to \u0027Inherit Folder properties and processing\n rules from parent folder\u0027 when creating new folders with the\n move message and copy message dialogues.\n * A Phishing warning is now shown when copying a phishing URL, (in\n addition to clicking a phishing URL).\n * The progress window when importing an mbox file is now more\n responsive.\n * A warning dialogue is shown if the selected privacy system is\n \u0027None\u0027 and automatic signing amd/or encrypting is enabled.\n * Python plugin: pkgconfig is now used to check for python2. This\n enables the Python plugin (which uses python2) to be built on\n newer systems which have both python2 and python3.\n\n Bug fixes:\n\n * bug 3922, \u0027minimize to tray on startup not working\u0027\n * bug 4220, \u0027generates files in cache without content\u0027\n * bug 4325, \u0027Following redirects when retrieving image\u0027\n * bug 4342, \u0027Import mbox file command doesn\u0027t work twice on a row\u0027\n * fix STARTTLS protocol violation CVE-2020-15917 boo#1174457)\n * fix initial debug line\n * fix fat-fingered crash when v (hiding msgview) is pressed\n just before c (check signature)\n * fix non-translation of some Templates strings\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1045",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1045-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1045-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VE6WDEXX6HETWFB6EGOWAEY6QQSAI6E/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1045-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VE6WDEXX6HETWFB6EGOWAEY6QQSAI6E/"
},
{
"category": "self",
"summary": "SUSE Bug 1174457",
"url": "https://bugzilla.suse.com/1174457"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15917 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15917/"
}
],
"title": "Security update for claws-mail",
"tracking": {
"current_release_date": "2021-07-15T22:06:35Z",
"generator": {
"date": "2021-07-15T22:06:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1045-1",
"initial_release_date": "2021-07-15T22:06:35Z",
"revision_history": [
{
"date": "2021-07-15T22:06:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.18.0-bp153.2.3.1.aarch64",
"product": {
"name": "claws-mail-3.18.0-bp153.2.3.1.aarch64",
"product_id": "claws-mail-3.18.0-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"product": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"product_id": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"product": {
"name": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"product_id": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"product": {
"name": "claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"product_id": "claws-mail-3.18.0-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"product": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"product_id": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.18.0-bp153.2.3.1.s390x",
"product": {
"name": "claws-mail-3.18.0-bp153.2.3.1.s390x",
"product_id": "claws-mail-3.18.0-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"product": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"product_id": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-3.18.0-bp153.2.3.1.x86_64",
"product": {
"name": "claws-mail-3.18.0-bp153.2.3.1.x86_64",
"product_id": "claws-mail-3.18.0-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"product": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"product_id": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
},
"product_reference": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
},
"product_reference": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
},
"product_reference": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64"
},
"product_reference": "claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
},
"product_reference": "claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15917"
}
],
"notes": [
{
"category": "general",
"text": "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15917",
"url": "https://www.suse.com/security/cve/CVE-2020-15917"
},
{
"category": "external",
"summary": "SUSE Bug 1174457 for CVE-2020-15917",
"url": "https://bugzilla.suse.com/1174457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.2:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.2:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.2:claws-mail-lang-3.18.0-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:claws-mail-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:claws-mail-devel-3.18.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:claws-mail-lang-3.18.0-bp153.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-15T22:06:35Z",
"details": "critical"
}
],
"title": "CVE-2020-15917"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…