openSUSE-SU-2021:0695-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0695-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0695-1

Upstream

CVE-2020-14929

Related

CVE-2020-14929

Published

2021-05-09T18:05:43Z

Modified

2025-05-07T18:11:35.650278Z

Summary

Security update for alpine

Details

This update for alpine fixes the following issues:

Update to release 2.24

A few crash fixes
Implementation of XOAUTH2 for Yahoo! Mail.

Update to release 2.23.2

Expansion of the configuration screen for XOAUTH2 to include username, and tenant.
Alpine uses the domain in the From: header of a message to generate a message-id and suppresses all information about Alpine, version, revision, and time of generation of the message-id from this header.
Alpine does not generate Sender or X-X-Sender by default by enabling [X] Disable Sender as the default.
Alpine does not disclose User Agent by default by enabling [X] Suppress User Agent by default.
When messages are selected, pressing the ';' command to broaden or narrow a search, now offers the possibility to completely replace the search, and is almost equivalent to being a shortcut to 'unselect all messages, and select again'.

Update to release 2.23

Fixes boo#1173281, CVE-2020-14929: Alpine silently proceeds to use an insecure connection after a /tls is sent in certain circumstances.
Implementation of XOAUTH2 authentication support for Outlook.
Add support for the OAUTHBEARER authentication method in Gmail.
Support for the SASL-IR IMAP extension.
Alpine can pass an HTML message to an external web browser, by using the 'External' command in the ATTACHMENT INDEX screen.

Update to release 2.22

Support for XOAUTH2 authentication method in Gmail.
NTLM authentication support with the ntlm library.
Added the '/tls1_3' flag for servers that support it.
Add the 'g' option to the select command that works in IMAP servers that implement the X-GM-EXT-1 capability (such as the one offered by Gmail).
Added '/auth=XYZ' to the way to define a server. This allows users to select the method to authenticate to an IMAP, SMTP or POP3 server. Examples are /auth=plain, or /auth=gssapi, etc.
When a message is of type multipart/mixed, and its first part is multipart/signed, Alpine will include the text of the original message in a reply message, instead of including a multipart attachment.
Added backward search in the index screen.
pico: Add -dict option to Pico, which allows users to choose a dictionary when spelling.
Drop /usr/bin/mailutil, it is not built by default anymore.
Added Quota subcommands for printing, forwarding, saving, etc.

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP2 / alpine

Package

Name: alpine
Purl: pkg:rpm/suse/alpine&distro=SUSE%20Package%20Hub%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.24-bp152.4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "pilot": "2.99-bp152.4.3.1",
            "alpine": "2.24-bp152.4.3.1",
            "pico": "5.07-bp152.4.3.1"
        }
    ]
}