openSUSE-SU-2021:1045-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1045-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1045-1
Related
Published
2021-07-15T22:06:35Z
Modified
2021-07-15T22:06:35Z
Summary
Security update for claws-mail
Details

This update for claws-mail fixes the following issues:

Update to 3.18.0

  • Support for the OAuth2 authorisation protocol has been added for IMAP, POP and SMTP using custom, user-generated client IDs. OAuth2 preferences are found in the Account Preferences on the Receive page (for POP: Authenticate before POP connection, for IMAP: Authentication method); the Send page (SMTP authentication: Authentication method); and on a dedicated OAuth2 page.
  • The option 'Save (X-)Face in address book if possible' has been added to the /Message View/Text Options preferences page. Previously the (X-)Face would be saved automatically, therefore this option is turned on by default.
  • The Image Viewer has been reworked. New options have been added to /Message View/Image Viewer: when resizing images, either fit the image width or fit the image height to the available space. Fitting the image height is the default. Regardless of this setting, when displaying images inline they will fit the height. When displaying an image, left-clicking the image will toggle between full size and reduced size; right-clicking will toggle between fitting the height and fitting the width.
  • When re-editing a saved message, it is now possible to use /Options/Remove References.
  • It is now possible to attempt to retrieve a missing GPG key via WKD.
  • The man page has been updated.
  • Updated translations: Brazilian Portuguese, British English, Catalan, Czech, Danish, Dutch, French, Polish, Romanian, Russian, Slovak, Spanish, Traditional Chinese, Turkish.
  • bug fixes: claws#2411, claws#4326, claws#4394, claws#4431, claws#4445, claws#4447, claws#4455, claws#4473

    • stop WM's X button from causing GPG key fetch attempt
    • Make fancy respect default font size for messageview
    • harden link checker before accepting click
    • non-display of (X-)Face when prefscommon.enableavatars is AVATARSENABLERENDER (2)
    • debian bug #983778, 'Segfault on selecting empty 'X-Face' custom header'
  • It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues.

  • A Phishing warning is now shown when copying a phishing URL, (in addition to clicking a phishing URL).
  • The progress window when importing an mbox file is now more responsive.
  • A warning dialogue is shown if the selected privacy system is 'None' and automatic signing amd/or encrypting is enabled.
  • Python plugin: pkgconfig is now used to check for python2. This enables the Python plugin (which uses python2) to be built on newer systems which have both python2 and python3.

    Bug fixes:

  • bug 3922, 'minimize to tray on startup not working'

  • bug 4220, 'generates files in cache without content'
  • bug 4325, 'Following redirects when retrieving image'
  • bug 4342, 'Import mbox file command doesn't work twice on a row'
  • fix STARTTLS protocol violation CVE-2020-15917 boo#1174457)
  • fix initial debug line
  • fix fat-fingered crash when v (hiding msgview) is pressed just before c (check signature)
  • fix non-translation of some Templates strings
References

Affected packages

SUSE:Package Hub 15 SP2 / claws-mail

Package

Name
claws-mail
Purl
pkg:rpm/suse/claws-mail&distro=SUSE%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.18.0-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "claws-mail-devel": "3.18.0-bp153.2.3.1",
            "claws-mail-lang": "3.18.0-bp153.2.3.1",
            "claws-mail": "3.18.0-bp153.2.3.1"
        }
    ]
}

SUSE:Package Hub 15 SP3 / claws-mail

Package

Name
claws-mail
Purl
pkg:rpm/suse/claws-mail&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.18.0-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "claws-mail-devel": "3.18.0-bp153.2.3.1",
            "claws-mail-lang": "3.18.0-bp153.2.3.1",
            "claws-mail": "3.18.0-bp153.2.3.1"
        }
    ]
}

openSUSE:Leap 15.2 / claws-mail

Package

Name
claws-mail
Purl
pkg:rpm/opensuse/claws-mail&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.18.0-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "claws-mail-devel": "3.18.0-bp153.2.3.1",
            "claws-mail-lang": "3.18.0-bp153.2.3.1",
            "claws-mail": "3.18.0-bp153.2.3.1"
        }
    ]
}

openSUSE:Leap 15.3 / claws-mail

Package

Name
claws-mail
Purl
pkg:rpm/opensuse/claws-mail&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.18.0-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "claws-mail-devel": "3.18.0-bp153.2.3.1",
            "claws-mail-lang": "3.18.0-bp153.2.3.1",
            "claws-mail": "3.18.0-bp153.2.3.1"
        }
    ]
}