Summary: | mail-client/sylpheed: ignores STARTTLS preference (vulnerable to STARTTLS stripping) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bircoph, hattya |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sylpheed.sraoss.jp/redmine/issues/322 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 807352 |
Description
Sam James
2021-08-10 01:44:16 UTC
Very frustrating. Bug is untouched by upstream despite actively committing. $URL is dead meanwhile as repository and issue tracking moved to github: https://sylpheed.sraoss.jp/en/news.html Not really "moved" though I guess since issues is basically empty: https://github.com/sylpheed-mail/sylpheed/issues Is there really a legitimate reason to use sylpheed over claws? The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6dc9d4f835082cac9bc7d71dc13bb77014d5790c commit 6dc9d4f835082cac9bc7d71dc13bb77014d5790c Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-05-01 05:01:05 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-01 05:02:26 +0000 profiles: last rite sylpheed Bug: https://bugs.gentoo.org/664070 Bug: https://bugs.gentoo.org/769293 Bug: https://bugs.gentoo.org/807358 Signed-off-by: John Helmert III <ajak@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+) (In reply to Sam James from comment #3) > Is there really a legitimate reason to use sylpheed over claws? Yes. It has just necessary minimal HTML e-mails support, which is more convenient and secure than what claws provides. I doubt it's more secure given it's rotting. Claws has its own lighter HTML option as well. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0fca6e9ac605eecb019c47cdc23f38cbcae8474 commit b0fca6e9ac605eecb019c47cdc23f38cbcae8474 Author: Jakov Smolić <jsmolic@gentoo.org> AuthorDate: 2023-06-01 18:46:19 +0000 Commit: Jakov Smolić <jsmolic@gentoo.org> CommitDate: 2023-06-03 05:23:35 +0000 mail-client/sylpheed: treeclean Closes: https://bugs.gentoo.org/769293 Closes: https://bugs.gentoo.org/664070 Bug: https://bugs.gentoo.org/805338 Bug: https://bugs.gentoo.org/807358 Signed-off-by: Jakov Smolić <jsmolic@gentoo.org> mail-client/sylpheed/Manifest | 1 - .../sylpheed/files/sylpheed-CVE-2021-37746.patch | 39 ------------ mail-client/sylpheed/files/sylpheed-tls-1.3.patch | 17 ------ mail-client/sylpheed/metadata.xml | 11 ---- mail-client/sylpheed/sylpheed-3.7.0-r5.ebuild | 69 ---------------------- profiles/package.mask | 6 -- 6 files changed, 143 deletions(-) Thanks Jakov, all done! |