ALT-PU-2014-1689-1
Package claws-mail updated to version 3.10.0-alt1 for branch sisyphus in task 120337.
Closed vulnerabilities
Published: 2014-10-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-2576
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
Severity: MEDIUM (6.8)
References:
- openSUSE-SU-2014:1291
- openSUSE-SU-2014:1291
- [oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext
- [oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext
- 60422
- 60422
- [claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!
- [claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!
- http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
- http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106