Bug 807358 - mail-client/sylpheed: ignores STARTTLS preference (vulnerable to STARTTLS stripping)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://sylpheed.sraoss.jp/redmine/is...
Whiteboard: B4 [noglsa]
Keywords: PMASKED
Depends on:
Blocks: 807352
Reported: 2021-08-10 01:44 UTC by Sam James
Modified: 2023-06-11 18:57 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-10 01:44:16 UTC
See bug link. No comment upstream.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-01 20:48:01 UTC
Very frustrating. Bug is untouched by upstream despite actively committing.
Comment 2 Andreas Sturmlechner gentoo-dev 2023-02-05 18:14:29 UTC
$URL is dead meanwhile, as repository and issue tracking moved to GitHub: https://sylpheed.sraoss.jp/en/news.html

Not really "moved" though I guess since issues is basically empty: https://github.com/sylpheed-mail/sylpheed/issues
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-05 18:16:09 UTC
Is there really a legitimate reason to use sylpheed over claws?
Comment 4 Larry the Git Cow gentoo-dev 2023-05-01 05:02:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6dc9d4f835082cac9bc7d71dc13bb77014d5790c

commit 6dc9d4f835082cac9bc7d71dc13bb77014d5790c
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-05-01 05:01:05 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-01 05:02:26 +0000

    profiles: last rite sylpheed
    
    Bug: https://bugs.gentoo.org/664070
    Bug: https://bugs.gentoo.org/769293
    Bug: https://bugs.gentoo.org/807358
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 5 Andrew Savchenko gentoo-dev 2023-05-03 00:44:59 UTC
(In reply to Sam James from comment #3)
> Is there really a legitimate reason to use sylpheed over claws?

Yes. It has just the necessary minimal HTML e-mail support, which is more convenient and secure than what claws provides.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-03 13:01:09 UTC
I doubt it's more secure given it's rotting. Claws has its own lighter HTML option as well.
Comment 7 Larry the Git Cow gentoo-dev 2023-06-03 05:24:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0fca6e9ac605eecb019c47cdc23f38cbcae8474

commit b0fca6e9ac605eecb019c47cdc23f38cbcae8474
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2023-06-01 18:46:19 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2023-06-03 05:23:35 +0000

    mail-client/sylpheed: treeclean
    
    Closes: https://bugs.gentoo.org/769293
    Closes: https://bugs.gentoo.org/664070
    Bug: https://bugs.gentoo.org/805338
    Bug: https://bugs.gentoo.org/807358
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 mail-client/sylpheed/Manifest                      |  1 -
 .../sylpheed/files/sylpheed-CVE-2021-37746.patch   | 39 ------------
 mail-client/sylpheed/files/sylpheed-tls-1.3.patch  | 17 ------
 mail-client/sylpheed/metadata.xml                  | 11 ----
 mail-client/sylpheed/sylpheed-3.7.0-r5.ebuild      | 69 ----------------------
 profiles/package.mask                              |  6 --
 6 files changed, 143 deletions(-)
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-11 18:57:47 UTC
Thanks Jakov, all done!