This upstream bug was fixed in 3.13.1: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557 The title is "Remotely exploitable bug", but the information is a bit unclear. It looks like this is a stack overflow. Anyway, this probably means 3.13.1 should receive fast stabilization and a GLSA. This version also fixes two oob errors I reported. I don't think they're security risks, but for completeness here they are (some consider every oob issue to be worthy of treating as a potential security issue): http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3559 http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3563
Arches, please test and mark stable =mail-client/claws-mail-3.13.1 with target KEYWORDS: alpha amd64 ~arm hppa ~mips ppc ppc64 sparc x86 ~x86-fbsd
AMD 64: OK
Stable for HPPA.
I'm having a bit of trouble testing on PPC64 since dev-libs/libgdata -> net-libs/gnome-online-accounts -> [PDEPEND]: gnome-base/gnome-control-center pulls in half the GNOME distribution. I could mask USE=gnome easily, though.
We will continue in bug 570692.
Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201606-11 at https://security.gentoo.org/glsa/201606-11 by GLSA coordinator Aaron Bauman (b-man).