openSUSE Security Update: update for claws-mail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1291-1 Rating: moderate References: Cross-References: CVE-2014-2576 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Update to version 3.10.1(bnc#870858): + Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro). + RFE 3196, 'When changing quicksearch Search Type, set focus to search input box'. + PGP/Core plugin: Generate 2048 bit RSA keys. + Major code cleanup. + Extended claws-mail.desktop with Compose and Receive actions. + Fix GConf use with newer Glib. + Fix the race fix, now preventing the compose window to be closed. + Fix "File (null) doesn't exist" error dialog, when attaching a non-existing file via --attach + Fix spacing in Folderview if the font is far from the system font. + RSSyl: - When parsing RSS 2.0, ignore tags with a namespace prefix. - Check for existence of xmlNode namespace, to prevent NULL pointer crashes. + Bugs fixed: claws#2728, claws#2981, claws#3170, claws#3179, claws#3201, deb#730050. + Updated translations. - Drop claws-mail-3.10.0_uninitialized_variable_git51af19b.patch as fixed upstream. This also fixes CVE-2014-2576. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-587 - openSUSE 12.3: zypper in -t patch openSUSE-2014-587 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): claws-mail-3.10.1-3.4.1 claws-mail-debuginfo-3.10.1-3.4.1 claws-mail-debugsource-3.10.1-3.4.1 claws-mail-devel-3.10.1-3.4.1 - openSUSE 13.1 (noarch): claws-mail-lang-3.10.1-3.4.1 - openSUSE 12.3 (i586 x86_64): claws-mail-3.10.1-2.8.1 claws-mail-debuginfo-3.10.1-2.8.1 claws-mail-debugsource-3.10.1-2.8.1 claws-mail-devel-3.10.1-2.8.1 - openSUSE 12.3 (noarch): claws-mail-lang-3.10.1-2.8.1 References: http://support.novell.com/security/cve/CVE-2014-2576.html