[Users] Libetpan vulnerability - Claws users beware
Brian Morrison
bdm at fenrir.org.uk
Mon Aug 10 18:11:23 CEST 2020
On Mon, 2020-08-10 at 15:33 +0000, Paul wrote:
> On Mon, 10 Aug 2020 16:27:01 +0100
> Brian Morrison <bdm at fenrir.org.uk> wrote:
>
> > It appears that any such response will abort your IMAP, SMTP or POP
> > session as there is no intended to be anything sent after a
> > STARTTLS
> > response.
>
> Of course, Claws Mail uses libetpan only for IMAP, not SMTP or POP.
>
> The issue affecting POP and SMTP was addressed in version 3.17.6.
>
Fair enough, I thought I had better make the worst case comment in case
I hadn't covered all the possibilities.
I suppose some other programs use the POP and SMTP capabilities of
libetpan, so best to be aware of all the details.
--
Brian
More information about the Users
mailing list