2 matches found
curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master
Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...
OPENSUSE-SU-2020:1269-1 Security update for claws-mail
This update for claws-mail fixes the following issues: - CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled boo1174457. This update was imported from the openSUSE:Leap:15.1:Update update project...