Branch t7 update bulletin.

Package claws-mail updated to version 3.10.0-alt0.M70P.1 for branch t7 in task 120432.

Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-2576

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

Severity: MEDIUM (6.8)

References:

openSUSE-SU-2014:1291
openSUSE-SU-2014:1291
[oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext
[oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext
60422
60422
[claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!
[claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106

Version: 2.1.0

Branch t7 update on 2014-05-29

ALT-BU-2014-2795-1

ALT-PU-2014-1694-1

Closed vulnerabilities

CVE-2014-2576