claws-mail - Debian Package Tracker

general

source: claws-mail (main)
version: 3.18.0-1
maintainer: Ricardo Mones (DMD) (LowNMU)
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.14.1-3
o-o-bpo: 3.17.1-1~bpo9+1
oldstable: 3.17.3-2
stable: 3.17.8-1
testing: 3.18.0-1
unstable: 3.18.0-1
exp: 4.0.0-1

versioned links

3.14.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

claws-mail (50 bugs: 0, 21, 29, 0)
claws-mail-acpi-notifier
claws-mail-address-keeper (1 bugs: 0, 1, 0, 0)
claws-mail-archiver-plugin
claws-mail-attach-remover
claws-mail-attach-warner
claws-mail-bogofilter (2 bugs: 0, 0, 2, 0)
claws-mail-bsfilter-plugin
claws-mail-clamd-plugin (1 bugs: 0, 0, 1, 0)
claws-mail-dillo-viewer (1 bugs: 0, 0, 1, 0)
claws-mail-doc
claws-mail-extra-plugins
claws-mail-feeds-reader
claws-mail-fetchinfo-plugin
claws-mail-gdata-plugin (1 bugs: 0, 1, 0, 0)
claws-mail-i18n
claws-mail-libravatar
claws-mail-litehtml-viewer
claws-mail-mailmbox-plugin
claws-mail-managesieve
claws-mail-multi-notifier
claws-mail-newmail-plugin
claws-mail-pdf-viewer
claws-mail-perl-filter
claws-mail-pgpinline (3 bugs: 0, 1, 2, 0)
claws-mail-pgpmime (2 bugs: 0, 2, 0, 0)
claws-mail-plugins
claws-mail-smime-plugin
claws-mail-spam-report
claws-mail-spamassassin (2 bugs: 0, 0, 2, 0)
claws-mail-tnef-parser (1 bugs: 0, 0, 1, 0)
claws-mail-tools (1 bugs: 0, 0, 1, 0)
claws-mail-vcalendar-plugin (3 bugs: 0, 2, 1, 0)
libclaws-mail-dev

action needed

A new upstream version is available: 4.0.0 high

A new upstream version 4.0.0 is available, you should consider packaging it.

Created: 2021-07-12 Last update: 2022-01-29 09:05

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-10735: In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Created: 2021-02-19 Last update: 2021-12-05 06:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2019-10735: In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Created: 2021-08-15 Last update: 2021-12-05 06:30

Depends on packages which need a new maintainer normal

The packages that claws-mail depends on which need a new maintainer are:

nedit (#962976)
- Suggests: nedit

Created: 2019-11-22 Last update: 2022-01-29 10:35

2 bugs tagged help in the BTS normal

The BTS contains 2 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2022-01-29 10:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2021-08-14 Last update: 2022-01-29 10:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2021-10-13 21:31

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

claws-mail: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2020-06-01 01:12

4 low-priority security issues in buster low

There are 4 open security issues in buster.

4 issues left for the package maintainer to handle:

CVE-2019-10735: (postponed; to be fixed through a stable update) In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVE-2020-15917: (needs triaging) common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
CVE-2020-16094: (needs triaging) In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVE-2021-37746: (needs triaging) textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-12-05 06:30

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2019-10735: (needs triaging) In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVE-2021-37746: (needs triaging) textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-14 Last update: 2021-12-05 06:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.0).

Created: 2020-11-17 Last update: 2021-09-05 06:00

testing migrations

This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-perl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the perl-5.34 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-10-20] Accepted claws-mail 4.0.0-1 (source) into experimental (Ricardo Mones)
[2021-09-10] claws-mail 3.18.0-1 MIGRATED to testing (Debian testing watch)
[2021-09-05] Accepted claws-mail 3.18.0-1 (source) into unstable (Ricardo Mones)
[2020-10-31] claws-mail 3.17.8-1 MIGRATED to testing (Debian testing watch)
[2020-10-25] Accepted claws-mail 3.17.8-1 (source) into unstable (Ricardo Mones)
[2020-10-10] claws-mail 3.17.7-1 MIGRATED to testing (Debian testing watch)
[2020-10-04] Accepted claws-mail 3.17.7-1 (source) into unstable (Ricardo Mones)
[2020-07-23] claws-mail 3.17.6-1 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted claws-mail 3.17.6-1 (source) into unstable (Ricardo Mones)
[2020-02-27] claws-mail 3.17.5-2 MIGRATED to testing (Debian testing watch)
[2020-02-25] Accepted claws-mail 3.17.5-2 (source) into unstable (Ricardo Mones)
[2020-02-24] Accepted claws-mail 3.17.5-1 (source) into unstable (Ricardo Mones)
[2020-01-31] claws-mail 3.17.4-3 MIGRATED to testing (Debian testing watch)
[2020-01-29] Accepted claws-mail 3.17.4-3 (source) into unstable (Ricardo Mones)
[2019-11-01] claws-mail 3.17.4-2 MIGRATED to testing (Debian testing watch)
[2019-10-14] Accepted claws-mail 3.17.4-2 (source) into unstable (Ricardo Mones)
[2019-10-12] claws-mail REMOVED from testing (Debian testing watch)
[2019-08-08] Accepted claws-mail 3.17.4-1 (source amd64 all) into unstable, unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2019-04-09] claws-mail 3.17.3-2 MIGRATED to testing (Debian testing watch)
[2019-04-03] Accepted claws-mail 3.17.3-2 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2019-01-04] claws-mail 3.17.3-1 MIGRATED to testing (Debian testing watch)
[2018-12-29] Accepted claws-mail 3.17.3-1 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-12-21] claws-mail 3.17.2-1 MIGRATED to testing (Debian testing watch)
[2018-12-15] Accepted claws-mail 3.17.2-1 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-09-12] Accepted claws-mail 3.17.1-1~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Stephen Kitt)
[2018-09-01] claws-mail 3.17.1-1 MIGRATED to testing (Debian testing watch)
[2018-08-26] Accepted claws-mail 3.17.1-1 (source amd64 all) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-08-26] claws-mail 3.17.0-1 MIGRATED to testing (Debian testing watch)
[2018-08-20] Accepted claws-mail 3.17.0-1 (source amd64 all) into unstable, unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2018-08-02] Accepted claws-mail 3.16.0-2~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Stephen Kitt)

bugs [bug history graph]

all: 66 69
RC: 0
I&N: 27 28
M&W: 39 41
F&P: 0
patch: 1
help: 2

links

homepage
buildd: logs, exp, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 93)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0-1
32 bugs (1 patch)