Bug#966667: marked as done (kmail-account-wizard: CVE-2020-15954)
Your message dated Sat, 22 Aug 2020 09:05:11 +0000
with message-id <E1k9PSZ-000CbJ-5r@fasolo.debian.org>
and subject line Bug#966667: fixed in kmail-account-wizard 4:20.04.1-2
has caused the Debian Bug report #966667,
regarding kmail-account-wizard: CVE-2020-15954
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
966667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966667
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: kdepim-runtime
Version: 4:20.04.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:kmail-account-wizard 4:20.04.1-1
Control: retitle -2 kmail-account-wizard: CVE-2020-15954
Hi,
The following vulnerability was published for
kdepim-runtime/kmail-account-wizard.
CVE-2020-15954[0]:
| KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3
| communication during times when the UI indicates that encryption is in
| use.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-15954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15954
[1] https://bugs.kde.org/show_bug.cgi?id=423426
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: kmail-account-wizard
Source-Version: 4:20.04.1-2
Done: Pino Toscano <pino@debian.org>
We believe that the bug you reported is fixed in the latest version of
kmail-account-wizard, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 966667@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pino Toscano <pino@debian.org> (supplier of updated kmail-account-wizard package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Aug 2020 10:45:16 +0200
Source: kmail-account-wizard
Architecture: source
Version: 4:20.04.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Pino Toscano <pino@debian.org>
Closes: 966667
Changes:
kmail-account-wizard (4:20.04.1-2) unstable; urgency=medium
.
* Team upload.
* Explicitly add the gettext build dependency.
* Remove the dh_makeshlibs override, as there are no shared libraries.
* Switch from dhmk to the dh sequencer:
- invoke the dh sequencer using the kf5 addon
* Unregister the old /etc/xdg/accountwizard.categories,
/etc/xdg/accountwizard.knsrc, and /etc/xdg/accountwizard.renamecategories
conffiles.
* Backport upstream commit a64d80e523edce7d3d59c26834973418fae042f6 to show
whether a connection is authenticated/encrypted (CVE-2020-15954); patch
upstream_Show-info-about-encryption-authentication-settings.patch.
(Closes: #966667)
Checksums-Sha1:
f3e9de8a5adff5e150db40cc8d6860643d1d4e9c 3486 kmail-account-wizard_20.04.1-2.dsc
43ad2eb75b1962c75cc8b4b1960725de0eb7c3b2 12676 kmail-account-wizard_20.04.1-2.debian.tar.xz
5c34c0f2c853a37e46c33cff80996e7e05f4a16d 23018 kmail-account-wizard_20.04.1-2_source.buildinfo
Checksums-Sha256:
6023f47016a47d69cc63d41f3f04b1247839fb1fbd49a2728a551bec74a512a4 3486 kmail-account-wizard_20.04.1-2.dsc
e1bbe1c3feb98621cb18b18fc3034bfd6f74b96c18a9e389ff368ed3f7a1eaee 12676 kmail-account-wizard_20.04.1-2.debian.tar.xz
5a90f2bd8407e165bd663f77bd77e9d4587ae584d9857b03dc840f65ae2c659f 23018 kmail-account-wizard_20.04.1-2_source.buildinfo
Files:
30797ccea19b23c26937caf2b366ed0b 3486 kde optional kmail-account-wizard_20.04.1-2.dsc
4a6dcac1bcfcbe61cdc174121debb892 12676 kde optional kmail-account-wizard_20.04.1-2.debian.tar.xz
1cc2f00028ccc34803c354f9d5a93e25 23018 kde optional kmail-account-wizard_20.04.1-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXyqfuC+mweEHcAcHLRkciEOxP00FAl9A22kACgkQLRkciEOx
P01b5Q//VZOljHJ0guA+PNBZ9KDztExr7ydWx2G/7Yev2q8AirF1XzdBv0aqv5cj
WcJsIeHQ4fY3aF0VntVqgh5DzOaTFa1QryeRTBnotKqsQPrOXeI8tlGvAKyKVPPD
mpyfll2XMr8/QuCxMV/q3io6l9MSb5sWU+P7ijN6redDCVWKsPjEnAJRumegYVDK
SfchuuDYoRwTklH2BFfuT7/vmdl+zJO62LP8f9+twezIrAHZ2cNsXnKnsSmAcw11
vJQ58DePe9axWNX380sTITmhLpRm9850axcQRqzKaleFtxslqdGFPJ9T9axKubTk
+y7vyA83ZBr1zi6RoITpW/uHZxKQj1imNecn6xI1hRQC/ceQBUsbqr0pcd+5WaBz
tvU7ejrwTXd4VyN4kRdAzJTRsfkIS6v1/J2IUI1z7f4yXkhKi1sDY33WFPBTs0bB
P6CQI9Z26QY5N0CVpBj8m5bZmcXLMun9qUOgby+WbIIfNNwbgKpBk3z4Rhy02hRx
QxHclarZx6ipRxNafmwl8PTPM3HhZarj8zIY1oZjq0ec2BQbTJvDkjcGHgD8avTM
OUTuyL5AlTPVqMgyksKFR/xJYGKjp0JA9Z2lvZkxdo783+HyO4HSJumcis9OxLiY
3JHs1qz/BtYChFbRV4hdheovAqVX/Ku4RQxHz0q8e4aGiaeIgls=
=/MJ8
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: