From the upstream bug at $URL: Description of problem: I use a imapx account with TLS security. When I send a message, I get this error : [CLIENTBUG] Plaintext authentication disallowed on non-secure (SSL-TLS) connections. My mail server is configured to refuse plaintext login on non secure connection. Evolution is correctly configured to use secure connection (I tried with both TLS and SSL) settings. So after sending a message it seems to ignore this settings when trying to move the message to the sent folder. Version-Release number of selected component (if applicable): evolution-3.0.0-1.fc15 Steps to Reproduce: 1. Use mail server with plaintext login refused on non secure connection 2. Configure imapx account with TLS connection 3. Configure the account to store sent mail on imap server 4. Send mail Actual results: Evolution cannot store the mail in sent folder. Expected results: Mail stored in imap folder using TLS. Additional info: It is also a security risk, because Evolution sends plaintext password though it is configured not to do so.
Setting whiteboard to [upstream] as the upstream change [1] that corrected the problem is apparently not easily back-ported to the versions we're using. [1] http://git.gnome.org/browse/evolution-data-server/commit/?id=e0ac4d79705c
Hi Tim, finding more info, I see secunia advisory[1] about it, and: 1)I think that is gnome-extra/evolution-data-server instead of mail-client/evolution 2) This advisory says that is affected 3.x version; sure that also 2.x is affected? [1]: https://secunia.com/advisories/45941/
I think this is fixed in our part, right?
Fixed in 3.1.2, 3.8.5 was stabilized in bug #478252
(In reply to Pacho Ramos from comment #4) > Fixed in 3.1.2, 3.8.5 was stabilized in bug #478252 I think nothing more is needed from us... if that is not the case feel free to CC us again :)
GLSA Vote: No
GLSA vote: no. Closing as [noglsa]