[Users] Import security update for Win32
Colin Leroy
colin at colino.net
Wed Mar 5 15:38:43 CET 2014
(Re-sending signed, sorry)
Hi,
Following a rather important vulnerability fix in GnuTLS
(CVE-2014-0092), I have updated the Windows port to a fixed GnuTLS.
The updated installer is available at http://www.claws-mail.org/win32/
as usual.
Concerning the vulnerability, it is described at
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
It resembles the recent SSL vulnerability found in Apple products,
allowing certificate validation to be bypassed.
It could be used by someone in a position to redirect network traffic to
a rogue server (man in the middle) to impersonate an SSL email server
and fetch user passwords without triggering an invalid certificate
warning - for known servers, the changed certificate warning would
still be issued.
--
Colin