claws-mail - Debian Package Tracker

general

source: claws-mail (main)
version: 3.17.8-1
maintainer: Ricardo Mones (DMD) (LowNMU)
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.14.1-3
old-bpo: 3.17.1-1~bpo9+1
stable: 3.17.3-2
testing: 3.17.8-1
unstable: 3.17.8-1

versioned links

3.14.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

claws-mail (52 bugs: 0, 22, 30, 0)
claws-mail-acpi-notifier
claws-mail-address-keeper (1 bugs: 0, 1, 0, 0)
claws-mail-archiver-plugin
claws-mail-attach-remover
claws-mail-attach-warner
claws-mail-bogofilter (2 bugs: 0, 0, 2, 0)
claws-mail-bsfilter-plugin
claws-mail-clamd-plugin (1 bugs: 0, 0, 1, 0)
claws-mail-dillo-viewer (1 bugs: 0, 0, 1, 0)
claws-mail-doc
claws-mail-extra-plugins
claws-mail-feeds-reader
claws-mail-fetchinfo-plugin
claws-mail-gdata-plugin (1 bugs: 0, 1, 0, 0)
claws-mail-i18n
claws-mail-libravatar
claws-mail-litehtml-viewer
claws-mail-mailmbox-plugin
claws-mail-managesieve
claws-mail-multi-notifier
claws-mail-newmail-plugin
claws-mail-pdf-viewer
claws-mail-perl-filter
claws-mail-pgpinline (3 bugs: 0, 1, 2, 0)
claws-mail-pgpmime (2 bugs: 0, 2, 0, 0)
claws-mail-plugins
claws-mail-smime-plugin
claws-mail-spam-report
claws-mail-spamassassin (2 bugs: 0, 0, 2, 0)
claws-mail-tnef-parser (1 bugs: 0, 0, 1, 0)
claws-mail-tools (1 bugs: 0, 0, 1, 0)
claws-mail-vcalendar-plugin (3 bugs: 0, 2, 1, 0)
libclaws-mail-dev

action needed

A new upstream version is available: 4.0.0 high

A new upstream version 4.0.0 is available, you should consider packaging it.

Created: 2021-07-12 Last update: 2021-08-01 14:35

4 security issues in stretch high

There are 4 open security issues in stretch.

1 important issue:

CVE-2021-37746: textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

3 issues postponed or untriaged:

CVE-2019-10735: (postponed; to be fixed through a stable update) In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVE-2020-15917: (needs triaging) common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
CVE-2020-16094: (needs triaging) In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.

Created: 2021-07-30 Last update: 2021-08-01 06:00

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-10735: In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVE-2021-37746: textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

Created: 2021-02-19 Last update: 2021-08-01 06:00

4 security issues in buster high

There are 4 open security issues in buster.

1 important issue:

CVE-2021-37746: textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

3 issues left for the package maintainer to handle:

CVE-2019-10735: (postponed; to be fixed through a stable update) In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVE-2020-15917: (needs triaging) common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
CVE-2020-16094: (needs triaging) In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-08-01 06:00

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2021-37746: textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

1 issue postponed or untriaged:

CVE-2019-10735: (needs triaging) In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Created: 2021-07-30 Last update: 2021-08-01 06:00

2 bugs tagged help in the BTS normal

The BTS contains 2 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2021-08-01 14:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-08-01 14:30

Depends on packages which need a new maintainer normal

The packages that claws-mail depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl
nedit (#962976)
- Suggests: nedit

Created: 2019-11-22 Last update: 2021-08-01 13:06

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:01

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

claws-mail: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2020-06-01 01:12

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-17 05:41

testing migrations

This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-perl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-10-31] claws-mail 3.17.8-1 MIGRATED to testing (Debian testing watch)
[2020-10-25] Accepted claws-mail 3.17.8-1 (source) into unstable (Ricardo Mones)
[2020-10-10] claws-mail 3.17.7-1 MIGRATED to testing (Debian testing watch)
[2020-10-04] Accepted claws-mail 3.17.7-1 (source) into unstable (Ricardo Mones)
[2020-07-23] claws-mail 3.17.6-1 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted claws-mail 3.17.6-1 (source) into unstable (Ricardo Mones)
[2020-02-27] claws-mail 3.17.5-2 MIGRATED to testing (Debian testing watch)
[2020-02-25] Accepted claws-mail 3.17.5-2 (source) into unstable (Ricardo Mones)
[2020-02-24] Accepted claws-mail 3.17.5-1 (source) into unstable (Ricardo Mones)
[2020-01-31] claws-mail 3.17.4-3 MIGRATED to testing (Debian testing watch)
[2020-01-29] Accepted claws-mail 3.17.4-3 (source) into unstable (Ricardo Mones)
[2019-11-01] claws-mail 3.17.4-2 MIGRATED to testing (Debian testing watch)
[2019-10-14] Accepted claws-mail 3.17.4-2 (source) into unstable (Ricardo Mones)
[2019-10-12] claws-mail REMOVED from testing (Debian testing watch)
[2019-08-08] Accepted claws-mail 3.17.4-1 (source amd64 all) into unstable, unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2019-04-09] claws-mail 3.17.3-2 MIGRATED to testing (Debian testing watch)
[2019-04-03] Accepted claws-mail 3.17.3-2 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2019-01-04] claws-mail 3.17.3-1 MIGRATED to testing (Debian testing watch)
[2018-12-29] Accepted claws-mail 3.17.3-1 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-12-21] claws-mail 3.17.2-1 MIGRATED to testing (Debian testing watch)
[2018-12-15] Accepted claws-mail 3.17.2-1 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-09-12] Accepted claws-mail 3.17.1-1~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Stephen Kitt)
[2018-09-01] claws-mail 3.17.1-1 MIGRATED to testing (Debian testing watch)
[2018-08-26] Accepted claws-mail 3.17.1-1 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-08-26] claws-mail 3.17.0-1 MIGRATED to testing (Debian testing watch)
[2018-08-20] Accepted claws-mail 3.17.0-1 (source amd64 all) into unstable, unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-08-02] Accepted claws-mail 3.16.0-2~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Stephen Kitt)
[2018-05-13] claws-mail 3.16.0-2 MIGRATED to testing (Debian testing watch)
[2018-05-10] Accepted claws-mail 3.16.0-2 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2017-12-23] claws-mail 3.16.0-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 70 73
RC: 0
I&N: 30 31
M&W: 40 42
F&P: 0
patch: 1
help: 2

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 94)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.17.8-1build2
31 bugs (1 patch)