blob: fbe5dfb4aca26c4456c59384f8dcf5a1acd0c65d [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<glsa id="201606-11">
<title>claws-mail: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in claws-mail,
particularly in the default SSL implementation.
<product type="ebuild"></product>
<announced>June 26, 2016</announced>
<revised>June 26, 2016: 1</revised>
<package name="mail-client/claws-mail" auto="yes" arch="*">
<unaffected range="ge">3.13.2</unaffected>
<vulnerable range="lt">3.13.2</vulnerable>
<p>Claws Mail is a GTK based e-mail client.</p>
<p>Multiple vulnerabilities have been discovered in claws-mail. Please
review the CVE identifiers referenced below for details.
<impact type="normal">
<p>An attacker could possibly intercept communications due to the default
implementation of SSL 3.0.
<p>There is no known workaround at this time.</p>
<p>All claws-mail users should upgrade to the latest version:</p>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-client/claws-mail-3.13.2"
<uri link="">CVE-2014-3566</uri>
<uri link="">CVE-2015-8614</uri>
<uri link="">CVE-2015-8614</uri>
<uri link="">CVE-2015-8708</uri>
<uri link="">CVE-2015-8708</uri>
<metadata tag="requester" timestamp="Tue, 26 Apr 2016 06:27:10 +0000">
<metadata tag="submitter" timestamp="Sun, 26 Jun 2016 12:30:09 +0000">b-man</metadata>