claws-mail package outdated (security risk)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
claws-mail (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
sylpheed (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The claws-mail package in the Ubuntu repo is at version 3.17.8, which is outdated.
A high security flaw has been fixed in upstream version 3.18. See https:/
"textview_
I was unable to locate any information that this fix already got backported to the version of claws-mail currently available for Ubuntu.
This flaw is pretty severe as it could be exploited quite easily. Please update package or sync the package with Debian unstable.
Package: claws-mail
Version: 3.17.8 and all versions prior
Release: 21.04; affecting all releases
CVE References
information type: | Private Security → Public Security |
Changed in claws-mail (Ubuntu): | |
status: | New → Fix Released |
Changed in sylpheed (Ubuntu): | |
status: | New → Fix Released |
Looks like https:/ /git.claws- mail.org/ ?p=claws. git;a=commit; h=ac286a71ed784 29e16c612161251 b9ea90ccd431 is the upstream commit to address the issue.