Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Verwendung schwacher Verschlüsselung in claws-mail
Aktuelle Meldungen Distributionen
Name: Verwendung schwacher Verschlüsselung in claws-mail
ID: FEDORA-2014-14237
Distribution: Fedora
Plattformen: Fedora 19
Datum: Mo, 5. Januar 2015, 09:28
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

Originalnachricht

Name        : claws-mail
Product : Fedora 19
Version : 3.11.1
Release : 2.fc19
URL : http://claws-mail.org
Summary : Email client and news reader based on GTK+
Description :
Claws Mail is an email client (and news reader), based on GTK+, featuring
quick response, graceful and sophisticated interface, easy configuration,
intuitive operation, abundant features, and extensibility.

-------------------------------------------------------------------------------
-
Update Information:

* SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566.

* Several PGP/Core plugin improvements

* A new version of the RSSyl plugin, completely redesigned and rewritten.

* The results of TAB address completion in the Compose window have improved
ordering.

* Due to popular demand, use of the Up key in the message body in the Compose
window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0.

* In the Compose window, when navigating with the arrow keys, selecting, and
thus modifying, the Account selector is now prevented.

* In the Compose window, a mnemonic (s) has been added to the Subject line.

* The Queue folder is highlighted if there are messages in its sub-folders and
the tree is collapsed.

* When sorting messages by 'thread date', clicking the 'Date'
column header will now toggle between ascending/descending and will not switch to 'date' sorting.

* A new QuickSearch filter has been added that searches a header's content
only. H S : messages which contain S in the value of any header.

* A Reply-To field has been added to the main Template configuration.

* The menubar can now be hidden, default hotkey: F12.

* Fancy plugin: A user-controlled stylesheet can now be used.

* Python plugin: Add flag attributes to MessageInfo object.

* Python plugin: Make 'account' property of ComposeWindow read/write.

* Libravatar plugin: a network timeout option has been added.

* Use 'gnutls_priority' hidden account preference for POP3 and
STARTTLS connections, in addition to SMTP.

* RSSyl plugin: Enable use of .netrc to store network credentials.

* The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws
Mail mailbox, now handles sub-directory recursion.

* Updated translations

* Various Bugfixes
New in 3.10.1:
* Add an account preference to allow automatically accepting unknown and
changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro).

* RFE 3196, 'When changing quicksearch Search Type, set focus to search
input box'

* PGP/Core plugin: Generate 2048 bit RSA keys.

* Major code cleanup.

* Extended claws-mail.desktop with Compose and Receive actions.

* Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto, Finnish,
French, German,Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations.

* Bug fixes


New in 3.10.0:

* Complete SSL certificate chains are now saved, and if built with Libetpan
1.4.1, the IMAP SSL connection's certificate chain is made available. Both of these allow correct certificate verification instead of a bogus 'No certificate issuer found' status.

* Auto-configuration of account email servers, based on SRV records, is now
possible. (GLib >= 2.22 is required.)

* Added a preference to avoid automatically drafting emails that are to be
sent encrypted, (Configuration/Preferences/Compose/Writing).

* Messages saved as Drafts are now saved as New, highlighting the Drafts
folder, in order to draw the attention to unfinished mails there.

* It is now possible to add a 'Replace signature' button to the
Compose window toolbar.

* Quotation wrapping and undo/redo in the Compose window has been improved.

* 'Reply to all' now excludes your own address.

* The 'Generate X-Mailer header' option has been renamed 'Add user
agent header' and applies to both X-Mailer and X-Newsreader headers.

* Added hidden preferences, 'address_search_wildcard' and
'folder_search_wildcard', to choose between matching from start of the folder name/address or any part of the name. (Activating these options restores the previous behaviour.)

* Added hidden preference 'enable_avatars' to control the internal
capture/render process, and which allows disabling it by external plugins for example.

* 'Check for new folders' now only updates the folder list, not
updating the contents of folders. If needed, it can be followed by 'Check for new messages'

* When using Redirect, the redirecting account's address is used in the
SMTP MAIL FROM instead of the original sender's address.

* NEW: Libravatar plugin, which displays avatars from https://www.libravatar.org/

* Added support for an arbitrary number and sources of 'avatars' and
images for email senders, and migrated Face and X-Face headers.

* Avatars are now included when printing mails.

* The GPG keyring can now be used as the source for address auto-completion.

* The vCalendar and RSSyl plugins now have an option to disable SSL
certificate verification (and check them by default).

* The ClamAV plugin now pops up an error message only once instead of
repeatedly

* Updated the man page and the manual.

* Updated Brazilian Portuguese, British English, Czech, Dutch, Finnish,
French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations.

* Added Esperanto translation.
-------------------------------------------------------------------------------
-
ChangeLog:

* Sat Nov 1 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.11.1-2
- bump for libetpan 1.6
* Fri Oct 31 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.11.1-1
- version upgrade
- appdata removed upstream
* Sat Oct 25 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.11.0-1
- version upgrade (rhbz#1155086)
- disable SSLv3 (rhbz#1153970)
- include plugin appdata
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik@redhat.com> - 3.10.1-3
- Perl 5.20 rebuild
* Sat Aug 16 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.10.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jun 19 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.10.1-1
- version upgrade
* Sat Jun 7 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 26 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.10.0-1
- version upgrade (fixes rhbz: 569478,601982,977924,982533,990650,1011098,
1010993,1035851,1036346,1063035,1070480,1071327,1076387,1078996,1079509,
1079620,1081224,1085382,1090300,1096041,1096895 and similar crashes)
- add libravatar plugin
- add appdata file
* Sun May 18 2014 Peter Robinson <pbrobinson@fedoraproject.org> 3.9.3-4
- No longer needs old gnome-libs v1 for gnome-config
* Sat May 17 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.9.3-3
- rebuild for new libetpan
* Thu Apr 17 2014 Adam Williamson <awilliam@redhat.com> - 3.9.3-2
- rebuild for new libgdata
* Sun Dec 15 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.9.3-1
- version upgrade
* Mon Aug 5 2013 Michael Schwendt <mschwendt@fedoraproject.org>
- 3.9.2-7
- BR libgcrypt-devel for src/common/ssl.c
* Mon Aug 5 2013 Michael Schwendt <mschwendt@fedoraproject.org>
- 3.9.2-6
- fix FTBFS (#992061) / basically libetpan FTBFS for armv7hl
- fix Python plug-in crash: it dlopen's libpython2.7.so (#991138)
which would only be found in the optional -devel package, so replace
that with the fully versioned run-time libname in %prep
* Sat Aug 3 2013 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.9.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 3.9.2-4
- Perl 5.18 rebuild
* Sat Jul 13 2013 Michael Schwendt <mschwendt@fedoraproject.org>
- 3.9.2-3
- for Fedora based builds, require pinentry-gtk instead of the virtual
pinentry-gui, because pinentry-qt fails silently (#981923)
- fix crash in Plugins/Fancy "Save Image As" (#979700)
- in %prep section create a README.Fedora %doc file which mentions
setting $TMPDIR when using Claws Mail together with Firefox (#956380)
* Mon Jul 8 2013 Michael Schwendt <mschwendt@fedoraproject.org>
- 3.9.2-2
- fix double-free crash in "Preferences for new account" (#981889)
* Mon Jun 17 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.9.2-1
- version upgrade
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1153970 - claws-mail: disable SSLv3 completely
https://bugzilla.redhat.com/show_bug.cgi?id=1153970
[ 2 ] Bug #569478 - upstream bug 2769: crash when activating offline mode
during IMAP remote activity
https://bugzilla.redhat.com/show_bug.cgi?id=569478
[ 3 ] Bug #601982 - [abrt] crash in claws-mail-3.7.6-1.fc13: in compose_close
at compose.c:11016 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=601982
[ 4 ] Bug #977924 - [abrt] IMAP interruption side-effects /
claws-mail-3.9.2-1.fc19: folder_item_get_msginfo_by_msgid: Process /usr/bin/claws-mail was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=977924
[ 5 ] Bug #982533 - [abrt] IMAP interruptions side-effects /
claws-mail-3.9.2-1.fc19: g_malloc0: Process /usr/bin/claws-mail was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=982533
[ 6 ] Bug #990650 - [abrt] claws-mail-3.9.2-3.fc19: standard_calloc: Process
/usr/bin/claws-mail was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=990650
[ 7 ] Bug #1011098 - [abrt] claws-mail-3.9.2-7.fc19: g_malloc0: Process
/usr/bin/claws-mail was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1011098
[ 8 ] Bug #1010993 - [abrt] claws-mail-3.9.2-7.fc19: gdata plugin gnutls_init
in _int_malloc: Process /usr/bin/claws-mail was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1010993
[ 9 ] Bug #1035851 - [abrt] mark as read / claws-mail-3.9.2-7.fc19:
gtk_cmctree_is_viewable: Process /usr/bin/claws-mail was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1035851
[ 10 ] Bug #1036346 - [abrt] claws-mail-3.9.2-7.fc20: g_malloc0: Process
/usr/bin/claws-mail was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1036346
[ 11 ] Bug #1063035 - [abrt] claws-mail: allocator_memalign(): claws-mail
killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1063035
[ 12 ] Bug #1070480 - Claws-Mail IMAP related memory corruption crash while
waiting for server response and a network reconnection happens
https://bugzilla.redhat.com/show_bug.cgi?id=1070480
[ 13 ] Bug #1071327 - [abrt] claws-mail: g_malloc(): claws-mail killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1071327
[ 14 ] Bug #1076387 - [abrt] claws-mail: summary_delete_row(): claws-mail
killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1076387
[ 15 ] Bug #1078996 - [abrt] claws-mail: malloc crash from within
_cairo_polygon_intersect(): claws-mail killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1078996
[ 16 ] Bug #1079509 - [abrt] claws-mail: folder_item_get_msginfo_by_msgid():
claws-mail killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1079509
[ 17 ] Bug #1079620 - [abrt] claws-mail: set_cell_contents(): claws-mail
killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1079620
[ 18 ] Bug #1081224 - [abrt] claws-mail: summary_set_row_marks(): claws-mail
killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1081224
[ 19 ] Bug #1085382 - [abrt] claws-mail: g_malloc(): claws-mail killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1085382
[ 20 ] Bug #1090300 - [abrt] claws-mail: row_is_selected(): claws-mail killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1090300
[ 21 ] Bug #1096041 - [abrt] IMAP interruptions side-effects / g_malloc0():
claws-mail killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1096041
[ 22 ] Bug #1096895 - [abrt] IMAP interruptions side-effects / at
malloc.c:3645 / _cairo_traps_grow(): claws-mail killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1096895
[ 23 ] Bug #1110255 - claws-mail: stack-based off-by-one in HTML parsing
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1110255
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update claws-mail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung