{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for claws-mail","title":"Title of the patch"},{"category":"description","text":"This update for claws-mail fixes the following issues:\n\n- Additional cleanup of the template handling\n\nclaws-mail was updated to 3.17.8 (boo#1177967)\n\n  * Shielded template's |program{} and |attach_program{} so that the\n    command-line that is executed does not allow sequencing such as\n    with && || ;, preventing possible execution of nasty, or at least\n    unexpected, commands\n  * bug fixes: claws#4376\n  * updated English, French, and Spanish manuals\n\n- Update to 3.17.7 \n\n  * Image Viewer: Image attachments, when displayed, are now resized\n    to fit the available width rather than the available height.\n  * -d is now an alias to --debug.\n  * Libravatar plugin: New styles supported: Robohash and Pagan.\n  * SpamAssassin plugin: The 'Maximum size' option now matches\n    SpamAssassin's maximum; it can now handle messages up to 256MB.\n  * LiteHTML viewer plugin: The UI is now translatable.\n  Bug fixes:\n  * bug 4313, 'Recursion stack overflow with rebuilding folder\n    tree'\n  * bug 4372, '[pl_PL] Crash after 'Send later' without\n    recipient and then 'Close''\n  * bug 4373, 'attach mailto URI double free'\n  * bug 4374, 'insert mailto URI misses checks'\n  * bug 4384, 'U+00AD (soft hyphen) changed to space in\n    Subject'\n  * bug 4386, 'Allow Sieve config without userid without\n    warning'\n  * Add missing SSL settings when cloning accounts.\n  * Parsing of command-line arguments.\n  * PGP Core plugin: fix segv in address completion with a\n    keyring.\n  * Libravatar plugin: fixes to image display.\n\n- Disable python-gtk plugin on suse_version > 1500: still relying\n  on python2, which is EOL.\n\n- Update to 3.17.6:\n\n  * It is now possible to 'Inherit Folder properties and processing\n    rules from parent folder' when creating new folders with the\n    move message and copy message dialogues.\n  * A Phishing warning is now shown when copying a phishing URL, (in\n    addition to clicking a phishing URL).\n  * The progress window when importing an mbox file is now more\n    responsive.\n  * A warning dialogue is shown if the selected privacy system is\n    'None' and automatic signing amd/or encrypting is enabled.\n  * Python plugin: pkgconfig is now used to check for python2. This\n    enables the Python plugin (which uses python2) to be built on\n    newer systems which have both python2 and python3.\n  Bug fixes:\n  * bug 3922, 'minimize to tray on startup not working'\n  * bug 4220, 'generates files in cache without content'\n  * bug 4325, 'Following redirects when retrieving image'\n  * bug 4342, 'Import mbox file command doesn't work twice on a row'\n  * fix STARTTLS protocol violation\n  * fix initial debug line\n  * fix fat-fingered crash when v (hiding msgview) is pressed\n    just before c (check signature)\n  * fix non-translation of some Templates strings\n\n\n- Update to 3.17.5\n\n  + Inline Git patches now have colour syntax highlighting\n    The colours of these, and patch attachments, are configurable on\n    the 'Other' tab of the Display/Colors page of the general\n    preferences.\n  + The previously hidden preference, 'summary_from_show', is now\n    configurable within the UI, on the 'Message List' tab of the\n    Display/Summaries page of the general preferences, 'Displayed in\n    From column [ ]'.\n  + 'Re-edit' has been added to the message context menu when in the\n    Drafts folder.\n  + Additional Date header formats are supported:\n    - weekday, month, day, hh, mm, ss, year, zone\n    - weekday, month, day, hh, mm, ss, year\n  + LiteHtml viewer plugin: scrolling with the keyboard has been\n    implemented.\n  + The included tools/scripts have been updated:\n    - eud2gc.py converted to Python 3\n    - tbird2claws.py converted to Python 3\n    - tbird2claws.py converted to Python 3\n    - google_search.pl has been replaced with ddg_search.pl (that is,\n      duckduckgo.com instead of google.com)\n    - fix_date.sh and its documentation have been updated \n    - multiwebsearch.pl 'fm' (freshmeat.net) has been removed; 'google'\n      has been replaced by 'ddg'\n    - the outdated OOo2claws-mail.pl script has been removed\n  + Updated manuals\n  + Updated translations: British English, Catalan, Czech, Danish,\n    Dutch, French, German, Russian, Slovak, Spanish, Swedish,\n    Traditional Chinese, Turkish\n  + bug fixes: claws#2131, claws#4237, claws#4239, claws#4248, \n    claws#4253, claws#4257, claws#4277, claws#4278, claws#4305\n  + Misc bugs fixed:\n    - Fix crash in litehtml_viewer when  tag has no href\n    - removed 'The following file has been attached...' dialogue\n    - MBOX import: give a better estimation of the time left and\n      grey out widgets while importing\n    - Fixed 'vcard.c:238:2: warning: ‘strncpy’ output truncate \n      before terminating nul copying as many bytes from a string\n      as its length'\n    - RSSyl: Fix handling deleted feed items where modified and\n      published dates do not match \n    - fix bolding of target folder\n    - when creating a new account, don't pre-fill data from the\n      default account\n    - respect 'default selection' settings when moving a msg with\n      manual filtering\n    - Fix printing of empty pages when the selected part is\n      rendered with a plugin not implementing print\n    - Addressbook folder selection dialogs: make sure folder list\n      is sorted and apply global prefs to get stripes in lists.\n    - when user cancels the GPG signing passphrase dialogue,\n      don't bother the user with an 'error' dialogue\n    - Fix imap keyword search. Libetpan assumes keyword search is\n      a MUST but RFC states it is a MAY. Fix advanced search on\n      MS Exchange\n    - fix SHIFT+SPACE in msg list, moving in reverse\n    - revert pasting images as attachments\n    - Fix help about command-line arguments that require a\n      parameter.\n    - Printing: only print as plain text if the part is of type\n      text\n    - fix a segfault with default info icon when trying to print\n     a non-text part.\n\n- Add a test on build-time libetpan version to require the proper\n  version at run-time (boo#1157594)\n\n- Move 'Mark all read/unread' menu entries where they belong.\n  remove-MarkAll-from-message-menu.patch (claws#4278)\n  add-MarkAll-to-folder-menu.patch (claws#4278)\n\n- Make litehtml plugin build on Tumbleweed.\n\n- Update to 3.17.4:\n\n  * New HTML viewer plugin: Litehtml viewer\n  * Added option 'Enable keyboard shortcuts' to the 'Keyboard\n    shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous\n  * Compose: implemented copying of attached images to clipboard\n  * Compose: images and text/uri-list (files) can now be attached by\n    pasting into the Compose window\n  * Python plugin: window sizes are now remembered for the Python\n    console, the 'Open URLs' and the 'Set mailbox order' windows.\n  * Fancy plugin: the download-link feature now follows redirections\n  * MBOX export: the Enter key in the dialogue now starts the export\n  * The date (ISO format) has been added to log timestamps\n  * Update translations\n    - bug 1920, 'No automatic NNTP filtering'\n    - bug 2045, 'address book blocks focus on email window'\n    - bug 2131, 'Focus stealing after mail check'\n    - bug 2627, 'Filtering does not work on NNTP'\n    - bug 3070, 'misbehaving text wrapping when URL chars are present'\n    - bug 3838, 'Canceled right-click on message list leaves UI\n      in inconsistent state'\n    - bug 3977, 'Fix crashes when some external APIs fail'\n    - bug 3979, 'Hang (with killing needed) during action which\n      extracts attachments'\n    - bug 4029, 'segfault after deleting message in a window'\n    - bug 4031, 'fingerprint in SSL/TLS certificates for ...\n      (regress error)'\n    - bug 4037, 'Fix some small issues'\n    - bug 4142, 'Translation error on Russian'\n    - bug 4145, 'proxy server for sending doesn't work'\n    - bug 4155, 'remember directory of last saving'\n    - bug 4166, 'corrupted double-linked list'\n    - bug 4167, 'Max line length exceeded when forwarding mail'\n    - bug 4188, 'STL file is sent not as an attachment but as its\n      base64 representation in plaintext'\n    - CID 1442278, 'impossible to trigger buffer overflow'\n    - Make key accelerators from menu work in addressbook window\n    - save checkbox choices of display/summaries/defaults prefs\n    - Do not throw an error when cancelling 'Save email as...'.\n    - occasional crash on drag'n'drop of msgs\n    - possible stack overflow in vcalendar's Curl data handler\n    - crash when LDAP address source is defined in index, but\n    - support is disabled\n    - crash in Fancy plugin if one of the MIME parts has no\n    - -ID\n    - a few small memory leaks in scan_mailto_url()\n    - configure script for rare cases where python is not\n      installed\n    - incorrect charset conversion in sc_html_read_line().\n    - markup in 'key not fully trusted' warning in pgpcore\n    - use after free in rare code path in rssyl_subscribe()\n    - several memory leaks\n    - verify_folderlist_xml() for fresh starts\n    - printf formats for size_t and goffset arguments.\n    - alertpanel API use in win32 part of mimeview.c\n    - pid handling in debug output of kill_children_cb()\n    - incorrect pointer arithmetic in w32_filesel.c\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2020-1822","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1822-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2020:1822-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJZJ7GCA3H35VDJV4TSCXVOQHIMHDZYO/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2020:1822-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJZJ7GCA3H35VDJV4TSCXVOQHIMHDZYO/"},{"category":"self","summary":"SUSE Bug 1157594","url":"https://bugzilla.suse.com/1157594"},{"category":"self","summary":"SUSE Bug 1177967","url":"https://bugzilla.suse.com/1177967"},{"category":"self","summary":"SUSE CVE CVE-2020-15917 page","url":"https://www.suse.com/security/cve/CVE-2020-15917/"}],"title":"Security update for claws-mail","tracking":{"current_release_date":"2020-11-02T23:25:05Z","generator":{"date":"2020-11-02T23:25:05Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2020:1822-1","initial_release_date":"2020-11-02T23:25:05Z","revision_history":[{"date":"2020-11-02T23:25:05Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"claws-mail-3.17.8-bp152.3.6.1.aarch64","product":{"name":"claws-mail-3.17.8-bp152.3.6.1.aarch64","product_id":"claws-mail-3.17.8-bp152.3.6.1.aarch64"}},{"category":"product_version","name":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","product":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","product_id":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch","product":{"name":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch","product_id":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"claws-mail-3.17.8-bp152.3.6.1.ppc64le","product":{"name":"claws-mail-3.17.8-bp152.3.6.1.ppc64le","product_id":"claws-mail-3.17.8-bp152.3.6.1.ppc64le"}},{"category":"product_version","name":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","product":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","product_id":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"claws-mail-3.17.8-bp152.3.6.1.s390x","product":{"name":"claws-mail-3.17.8-bp152.3.6.1.s390x","product_id":"claws-mail-3.17.8-bp152.3.6.1.s390x"}},{"category":"product_version","name":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x","product":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x","product_id":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"claws-mail-3.17.8-bp152.3.6.1.x86_64","product":{"name":"claws-mail-3.17.8-bp152.3.6.1.x86_64","product_id":"claws-mail-3.17.8-bp152.3.6.1.x86_64"}},{"category":"product_version","name":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","product":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","product_id":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Package Hub 15 SP1","product":{"name":"SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1"}},{"category":"product_name","name":"SUSE Package Hub 15 SP2","product":{"name":"SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2"}},{"category":"product_name","name":"openSUSE Leap 15.1","product":{"name":"openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.1"}}},{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of SUSE Package Hub 15 SP1","product_id":"SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"},"product_reference":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of SUSE Package Hub 15 SP2","product_id":"SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"},"product_reference":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of openSUSE Leap 15.1","product_id":"openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"},"product_reference":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch","relates_to_product_reference":"openSUSE Leap 15.1"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.s390x","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64"},"product_reference":"claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"},"product_reference":"claws-mail-lang-3.17.8-bp152.3.6.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"}]},"vulnerabilities":[{"cve":"CVE-2020-15917","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-15917"}],"notes":[{"category":"general","text":"common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"]},"references":[{"category":"external","summary":"CVE-2020-15917","url":"https://www.suse.com/security/cve/CVE-2020-15917"},{"category":"external","summary":"SUSE Bug 1174457 for CVE-2020-15917","url":"https://bugzilla.suse.com/1174457"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP1:claws-mail-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP2:claws-mail-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","SUSE Package Hub 15 SP2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","SUSE Package Hub 15 SP2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.1:claws-mail-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.1:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.1:claws-mail-lang-3.17.8-bp152.3.6.1.noarch","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.2:claws-mail-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.aarch64","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.ppc64le","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.s390x","openSUSE Leap 15.2:claws-mail-devel-3.17.8-bp152.3.6.1.x86_64","openSUSE Leap 15.2:claws-mail-lang-3.17.8-bp152.3.6.1.noarch"]}],"threats":[{"category":"impact","date":"2020-11-02T23:25:05Z","details":"critical"}],"title":"CVE-2020-15917"}]}