Summary: | <kde-apps/kmail-account-wizard-20.04.3-r1, <kde-apps/kdepim-runtime-21.08.3-r1: Possible improper TLS handling (CVE-2020-15954) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.kde.org/show_bug.cgi?id=423426 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 731966, 822177 | ||
Bug Blocks: | 807352 |
Description
John Helmert III
2020-07-27 18:08:09 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=532434ebeb2f497074e85ce7babad5e12abf2f21 commit 532434ebeb2f497074e85ce7babad5e12abf2f21 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-08-01 15:50:09 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-08-01 22:57:18 +0000 kde-apps/kmail-account-wizard: Fix CVE-2020-15954 Bug: https://bugs.gentoo.org/734126 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> ...ail-account-wizard-20.04.3-CVE-2020-15954.patch | 81 ++++++++++++++++++++++ .../kmail-account-wizard-20.04.3-r1.ebuild | 55 +++++++++++++++ 2 files changed, 136 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b890132492bdf7f2a8de0156c370574a4ab5f13a commit b890132492bdf7f2a8de0156c370574a4ab5f13a Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-08-01 15:46:33 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-08-01 22:57:17 +0000 kde-apps/kdepim-runtime: Fix CVE-2020-15954 Bug: https://bugs.gentoo.org/734126 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> .../kdepim-runtime-20.04.3-CVE-2020-15954.patch | 28 +++++++ .../kdepim-runtime-20.04.3-r1.ebuild | 91 ++++++++++++++++++++++ 2 files changed, 119 insertions(+) Thanks. Tell us when ready to stable. Sanity check failed:
> kde-apps/kmail-account-wizard-20.04.3-r1
> depend arm64 stable profile default/linux/arm64/17.0 (9 total)
> >=kde-apps/akonadi-20.04.3:5
> >=kde-apps/kidentitymanagement-20.04.3:5
> >=kde-apps/kldap-20.04.3:5
> >=kde-apps/kmailtransport-20.04.3:5
> >=kde-apps/libkdepim-20.04.3:5
> >=kde-apps/libkleo-20.04.3:5
> >=kde-apps/pimcommon-20.04.3:5
> rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
> >=kde-apps/akonadi-20.04.3:5
> >=kde-apps/kidentitymanagement-20.04.3:5
> >=kde-apps/kldap-20.04.3:5
> >=kde-apps/kmailtransport-20.04.3:5
> >=kde-apps/libkdepim-20.04.3:5
> >=kde-apps/libkleo-20.04.3:5
> >=kde-apps/pimcommon-20.04.3:5
> kde-apps/kdepim-runtime-20.04.3-r1
> depend arm64 stable profile default/linux/arm64/17.0 (9 total)
> >=kde-apps/akonadi-20.04.3:5
> >=kde-apps/akonadi-calendar-20.04.3:5
> >=kde-apps/akonadi-contacts-20.04.3:5
> >=kde-apps/akonadi-mime-20.04.3:5
> >=kde-apps/akonadi-notes-20.04.3:5
> >=kde-apps/kalarmcal-20.04.3:5
> >=kde-apps/kcalutils-20.04.3:5
> >=kde-apps/kdav-20.04.3:5
> >=kde-apps/kidentitymanagement-20.04.3:5
> >=kde-apps/kimap-20.04.3:5
> >=kde-apps/kimap-20.04.3:5[test]
> >=kde-apps/kmailtransport-20.04.3:5
> >=kde-apps/kmbox-20.04.3:5
> >=kde-apps/kmime-20.04.3:5
> >=kde-apps/libkgapi-20.04.3:5
> >=kde-apps/pimcommon-20.04.3:5
> >=kde-frameworks/kdav-5.70.0:5
> rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
> >=kde-apps/akonadi-20.04.3:5
> >=kde-apps/akonadi-calendar-20.04.3:5
> >=kde-apps/akonadi-contacts-20.04.3:5
> >=kde-apps/akonadi-mime-20.04.3:5
> >=kde-apps/akonadi-notes-20.04.3:5
> >=kde-apps/kalarmcal-20.04.3:5
> >=kde-apps/kcalutils-20.04.3:5
> >=kde-apps/kdav-20.04.3:5
> >=kde-apps/kidentitymanagement-20.04.3:5
> >=kde-apps/kimap-20.04.3:5
> >=kde-apps/kmailtransport-20.04.3:5
> >=kde-apps/kmbox-20.04.3:5
> >=kde-apps/kmime-20.04.3:5
> >=kde-apps/libkgapi-20.04.3:5
> >=kde-apps/pimcommon-20.04.3:5
> >=kde-frameworks/kdav-5.70.0:5
All sanity-check issues have been resolved arm64 stable x86 stable amd64 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe9566dbf9ea137ebcf317597dda48f9659ccd18 commit fe9566dbf9ea137ebcf317597dda48f9659ccd18 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-08-05 14:31:09 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-08-06 15:04:36 +0000 kde-apps/kmail-account-wizard: Drop 20.04.3 (r0) Bug: https://bugs.gentoo.org/734126 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> .../kmail-account-wizard-20.04.3.ebuild | 53 ---------------------- 1 file changed, 53 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75be503641bfc5f16b7a96492229aa145321ca2c commit 75be503641bfc5f16b7a96492229aa145321ca2c Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-08-05 14:30:48 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-08-06 15:04:36 +0000 kde-apps/kdepim-runtime: Drop 20.04.3 (r0) Bug: https://bugs.gentoo.org/734126 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> .../kdepim-runtime/kdepim-runtime-20.04.3.ebuild | 89 ---------------------- 1 file changed, 89 deletions(-) Thanks. Cleanup done. GLSA vote: no Closing. Reopened upstream. https://bugs.kde.org/show_bug.cgi?id=423426#c8 Resetting sanity check; package list is empty or all packages are done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c480e1e4a9dff1f0ef70c19ab791ec1a202e9734 commit c480e1e4a9dff1f0ef70c19ab791ec1a202e9734 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-11-13 17:40:29 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-11-13 19:50:48 +0000 kde-apps/kdepim-runtime: Make POP3 setup wizard check encrypt support Upstream commit 35447bd04e8c12afac524e1c4556ef3db088e014 KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423426 Bug: https://bugs.gentoo.org/734126 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> .../kdepim-runtime-21.08.3-CVE-2020-15954.patch | 110 +++++++++++++++++++++ .../kdepim-runtime-21.08.3-r1.ebuild | 90 +++++++++++++++++ 2 files changed, 200 insertions(+) No further change to kde-apps/kmail-account-wizard necessary in 21.08.3. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a799563f477ed02c84d96781931e9e4ff218232 commit 9a799563f477ed02c84d96781931e9e4ff218232 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-11-28 13:08:31 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-11-29 13:51:54 +0000 kde-apps/kdepim-runtime: drop 21.04.3* Bug: https://bugs.gentoo.org/734126 Bug: https://bugs.gentoo.org/807355 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> kde-apps/kdepim-runtime/Manifest | 1 - .../kdepim-runtime/kdepim-runtime-21.04.3.ebuild | 88 ---------------------- 2 files changed, 89 deletions(-) cleanup done Thanks! All done, again. |