[Users] Import security update for Win32

Colin Leroy colin at colino.net
Wed Mar 5 15:38:43 CET 2014

(Re-sending signed, sorry)


Following a rather important vulnerability fix in GnuTLS
(CVE-2014-0092), I have updated the Windows port to a fixed GnuTLS.

The updated installer is available at http://www.claws-mail.org/win32/
as usual.

Concerning the vulnerability, it is described at

It resembles the recent SSL vulnerability found in Apple products,
allowing to bypass certificate validation.

It could be used, by someone in position to redirect network traffic to
a rogue server (Man in the middle), to impersonate an SSL email server
and fetch user passwords without triggering an invalid certificate
warning - for known servers, the changed certificate warning would
still be issued.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20140305/f1d48b2b/attachment.sig>

More information about the Users mailing list