CVE request: http://permalink.gmane.org/gmane.comp.security.oss.general/8561 redhat bug: https://bugzilla.redhat.com/show_bug.cgi?id=862578 claws-mail bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743 Reproducible: Always
Thanks for the report, Alexander.
I wanted to get it stabilised anyway soon: all: =mail-client/claws-mail-3.8.1-r2 amd64/x86 =mail-client/claws-mail-address_keeper-1.0.6 =mail-client/claws-mail-archive-0.6.12 =mail-client/claws-mail-att-remover-1.0.14 =mail-client/claws-mail-attachwarner-0.2.24 =mail-client/claws-mail-clamd-3.5.4 =mail-client/claws-mail-fancy-0.9.16 =mail-client/claws-mail-fetchinfo-0.4.25 =mail-client/claws-mail-gdata-0.4 =mail-client/claws-mail-geolocation-0.0.8 =mail-client/claws-mail-mailmbox-1.14.7 =mail-client/claws-mail-notification-0.30 =mail-client/claws-mail-python-0.10 =mail-client/claws-mail-rssyl-0.33 =mail-client/claws-mail-spam_report-0.3.16 =mail-client/claws-mail-tnef_parse-0.3.13 =mail-client/claws-mail-vcalendar-2.0.13 =mail-client/clawsker-0.7.8 alpha =mail-client/claws-mail-rssyl-0.33 ppc =mail-client/claws-mail-mailmbox-1.14.7 =mail-client/claws-mail-notification-0.30 =mail-client/claws-mail-rssyl-0.33 =mail-client/claws-mail-vcalendar-2.0.13 ppc64 =mail-client/claws-mail-att-remover-1.0.14 =mail-client/claws-mail-fetchinfo-0.4.25 =mail-client/claws-mail-mailmbox-1.14.7 =mail-client/claws-mail-rssyl-0.33 sparc =mail-client/claws-mail-mailmbox-1.14.7
=mail-client/claws-mail-geolocation-0.0.8 depends on =media-libs/clutter-gtk-0.10.8, but that package fails to compile: bug 435164 I added it as a depend. If some dev is not agree with that, please, feel free to remove it.
Stable for HPPA.
stable ppc ppc64
Remvoving the blocker as I do not see as an obstacle to stabilisation on unaffected architectures. But thanks.
(In reply to comment #6) > Remvoving the blocker as I do not see as an obstacle to stabilisation on > unaffected architectures. But thanks. A bug, to be in "Depends on" place, can affect for example one architecture. If you prefer we will wait alpha and sparc and add back the blocker ;)
(In reply to comment #7) > (In reply to comment #6) > > Remvoving the blocker as I do not see as an obstacle to stabilisation on > > unaffected architectures. But thanks. > > A bug, to be in "Depends on" place, can affect for example one architecture. > > If you prefer we will wait alpha and sparc and add back the blocker ;) This is a build failure that is unrelated to Claws security flaw...I could live with having claws-mail-geolocation held back for a while, it is not crucial, but the rest can go to stable.
CVE-2012-4507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4507): The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
amd64 stable
Stable on alpha.
x86 is mostly done, i only left claws-mail-geolocation for the moment as of bug 440646. I kept x86 in cc.
*** Bug 441346 has been marked as a duplicate of this bug. ***
(In reply to comment #12) > x86 is mostly done, i only left claws-mail-geolocation for the moment as of > bug 440646. I kept x86 in cc. -geolocation will be removed. Unccing x86.
sparc stable
Thanks, everyone. GLSA vote: no.
Application DOS. Vote: no. Closing noglsa.
