claws-mail: Multiple Vulnerabilities — GLSA 201606-11

Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.

Affected Packages

mail-client/claws-mail on all architectures
Affected versions < 3.13.2
Unaffected versions >= 3.13.2

Background

Claws Mail is a GTK based e-mail client.

Description

Multiple vulnerabilities have been discovered in claws-mail. Please review the CVE identifiers referenced below for details.

Impact

An attacker could possibly intercept communications due to the default implementation of SSL 3.0.

Workaround

There is no known workaround at this time.

Resolution

All claws-mail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.13.2"
 

References

Release Date
June 26, 2016

Latest Revision
June 26, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries