Branch sisyphus update bulletin.

Package gqview updated to version 2.1.5-alt8 for branch sisyphus in task 120295.

Не хватает зависимости на ImageMagick-tools (не работает поворот изображений)

Package claws-mail updated to version 3.10.0-alt1 for branch sisyphus in task 120337.

Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-2576

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

Severity: MEDIUM (6.8)

References:

openSUSE-SU-2014:1291
openSUSE-SU-2014:1291
[oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext
[oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext
60422
60422
[claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!
[claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106

Version: 2.1.0

Branch sisyphus update on 2014-05-27

ALT-BU-2014-2791-1

ALT-PU-2014-1686-1

Closed bugs

Bug #30094

ALT-PU-2014-1689-1

Closed vulnerabilities

CVE-2014-2576