
Test ID: 1.3.6.1.4.1.25623.1.0.853554
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for claws-mail (openSUSE-SU-2020:1822-1)
Summary: The remote host is missing an update for the 'claws-mail' package(s) announced via the openSUSE-SU-2020:1822-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'claws-mail'
package(s) announced via the openSUSE-SU-2020:1822-1 advisory.

Vulnerability Insight:
This update for claws-mail fixes the following issues:

- Additional cleanup of the template handling

claws-mail was updated to 3.17.8 (boo#1177967)

* Shielded template's program{} and attach_program{} so that the
command-line that is executed does not allow sequencing such as with
&&, preventing possible execution of nasty, or at least
unexpected, commands

* bug fixes: claws#4376

* updated English, French, and Spanish manuals

- Update to 3.17.7

* Image Viewer: Image attachments, when displayed, are now resized to
fit the available width rather than the available height.

* -d is now an alias to --debug.

* Libravatar plugin: New styles supported: Robohash and Pagan.

* SpamAssassin plugin: The 'Maximum size' option now matches
SpamAssassin's maximum, it can now handle messages up to 256MB.

* LiteHTML viewer plugin: The UI is now translatable.

Bug fixes:

* bug 4313, 'Recursion stack overflow with rebuilding folder tree'

* bug 4372, '[pl_PL] Crash after 'Send later' without recipient and then
'Close''

* bug 4373, 'attach mailto URI double free'

* bug 4374, 'insert mailto URI misses checks'

* bug 4384, 'U+00AD (soft hyphen) changed to space in Subject'

* bug 4386, 'Allow Sieve config without userid without warning'

* Add missing SSL settings when cloning accounts.

* Parsing of command-line arguments.

* PGP Core plugin: fix segv in address completion with a keyring.

* Libravatar plugin: fixes to image display.

- Disable python-gtk plugin on suse_version > 1500: still relying
on python2, which is EOL.

- Update to 3.17.6:

* It is now possible to 'Inherit Folder properties and processing rules
from parent folder' when creating new folders with the move message
and copy message dialogues.

* A Phishing warning is now shown when copying a phishing URL, (in
addition to clicking a phishing URL).

* The progress window when importing an mbox file is now more responsive.

* A warning dialogue is shown if the selected privacy system is 'None'
and automatic signing and/or encrypting is enabled.

* Python plugin: pkgconfig is now used to check for python2. This
enables the Python plugin (which uses python2) to be built on newer
systems which have both python2 and python3.

Bug fixes:

* bug 3922, 'minimize to tray on startup not working'

* bug 4220, 'generates files in cache without content'

* bug 4325, 'Following redirects when retrieving image'

* bug 4342, 'Import mbox file command doesn't work twice on a row'

* fix STARTTLS protocol violation

* fix initial de ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'claws-mail' package(s) on openSUSE Leap 15.2, openSUSE Leap 15.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-15917
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.