
Bug#966666: marked as done (kdepim-runtime: CVE-2020-15954)



Your message dated Sat, 22 Aug 2020 19:06:44 +0000
with message-id <E1k9Yqi-000J5T-Dq@fasolo.debian.org>
and subject line Bug#966666: fixed in kdepim-runtime 4:20.04.1-2
has caused the Debian Bug report #966666,
regarding kdepim-runtime: CVE-2020-15954
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
966666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966666
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: kdepim-runtime
Version: 4:20.04.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:kmail-account-wizard 4:20.04.1-1
Control: retitle -2 kmail-account-wizard: CVE-2020-15954

Hi,

The following vulnerability was published for
kdepim-runtime/kmail-account-wizard.

CVE-2020-15954[0]:
| KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3
| communication during times when the UI indicates that encryption is in
| use.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15954
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15954
[1] https://bugs.kde.org/show_bug.cgi?id=423426

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: kdepim-runtime
Source-Version: 4:20.04.1-2
Done: Pino Toscano <pino@debian.org>

We believe that the bug you reported is fixed in the latest version of
kdepim-runtime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 966666@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pino Toscano <pino@debian.org> (supplier of updated kdepim-runtime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Aug 2020 20:35:34 +0200
Source: kdepim-runtime
Architecture: source
Version: 4:20.04.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Pino Toscano <pino@debian.org>
Closes: 966666
Changes:
 kdepim-runtime (4:20.04.1-2) unstable; urgency=medium
 .
   * Team upload.
   * Explicitly add the gettext build dependency.
   * Switch from dhmk to the dh sequencer:
     - invoke the dh sequencer using the kf5 addon
     - call the right debhelper command instead of $(overridden_command)
   * Unregister the old /etc/xdg/kdepim-runtime.categories, and
     /etc/xdg/kdepim-runtime.renamecategories conffiles.
   * Backport upstream commit bd64ab29116aa7318fdee7f95878ff97580162f2 to make
     new POP3 connections encrypted by default (CVE-2020-15954); patch
     upstream_Fix-Bug-423426-POP3-setup-wizard-defaults-to-unencry.patch.
     (Closes: #966666)
   * Update lintian overrides.
   * Fix typo in the description of patch make_qtwebengine_optional.patch.
Checksums-Sha1:
 ae973b9f71851875aa8e627d8c10099aacccab7f 3881 kdepim-runtime_20.04.1-2.dsc
 604be21b7a01a41196cab865fbc12ac835efd3a5 26088 kdepim-runtime_20.04.1-2.debian.tar.xz
 dd27c1562a7505f65f38aad373e3d69bf031ef43 21648 kdepim-runtime_20.04.1-2_source.buildinfo
Checksums-Sha256:
 a041b60973e4af43fb7987e3270e286630d96111fb382d48d8f42565999fd148 3881 kdepim-runtime_20.04.1-2.dsc
 110f67422ff0c5e7bc173bc23421d8b9d557e447eacf5928b4f6db9cc30746f1 26088 kdepim-runtime_20.04.1-2.debian.tar.xz
 67bcb7b6c7c5a41dc9e166af887d2297477441ee84d82f124221bdc10a3a3dab 21648 kdepim-runtime_20.04.1-2_source.buildinfo
Files:
 df20e6aae45116f5159c09dbcc33f5dd 3881 x11 optional kdepim-runtime_20.04.1-2.dsc
 a24dc6db2f83cdb2d39d74fa42c0fb40 26088 x11 optional kdepim-runtime_20.04.1-2.debian.tar.xz
 8ea0714d3006fe5ce8386dda0d0b2958 21648 x11 optional kdepim-runtime_20.04.1-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
