[Users] [Bug 3299] New: [Security] Please fix POODLE vulnerability in Claws Mail

[noreply at thewildbeast.co.uk]

http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3299

            Bug ID: 3299
           Summary: [Security] Please fix POODLE vulnerability in Claws
                    Mail
    Classification: Unclassified
           Product: Claws Mail
           Version: other
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P3
         Component: Other
          Assignee: users at lists.claws-mail.org
          Reporter: nw9165-3201 at yahoo.com

Dear Claws Mail developers,

according to:

http://lists.claws-mail.org/pipermail/devel/2014-October/001307.html

Claws Mail apparently seems to be vulnerable to POODLE.

Could you please fix it as soon as possible?

In the meantime:

Is there anything a user can do to prevent POODLE attacks when using Claws
Mail?

If yes: What?

I already tried to use "Use STARTTLS command to start SSL session" for
connecting to an IMAP server on port 993. But it doesn't work. It only works
when using "Use SSL for IMAP connection".

So, what can I (and others) do?

PS:

Why is there no "Use TLS for IMAP connection" setting available in Claws Mail?

Regards

-- 
You are receiving this mail because:
You are the assignee for the bug.