Processed: Re: Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
Processing commands for cont...@bugs.debian.org:

clone 745556 -1
Bug #745556 [kmail] kmail accepts invalid SMTP TLS certificate against user action
Bug 745556 cloned as bug 750995

reassign 745556 libkio5
Bug #745556 [kmail] kmail accepts invalid SMTP TLS certificate against user action
Bug reassigned from package 'kmail' to 'libkio5'.
No longer marked as found in versions kdepim/4:4.11.5-1.
Ignoring request to alter fixed versions of bug #745556 to the same values previously set

severity 745556 important
Bug #745556 [libkio5] kmail accepts invalid SMTP TLS certificate against user action
Severity set to 'important' from 'grave'

retitle 745556 Closing dialog for allowing invalid SSL certificate causes default to be accepted
Bug #745556 [libkio5] kmail accepts invalid SMTP TLS certificate against user action
Changed Bug title to 'Closing dialog for allowing invalid SSL certificate causes default to be accepted' from 'kmail accepts invalid SMTP TLS certificate against user action'

reassign -1 kdepim-runtime
Bug #750995 [kmail] kmail accepts invalid SMTP TLS certificate against user action
Bug reassigned from package 'kmail' to 'kdepim-runtime'.
No longer marked as found in versions kdepim/4:4.11.5-1.
Ignoring request to alter fixed versions of bug #750995 to the same values previously set

retitle -1 Cannot reject invalid SSL certificate for IMAP server as dialog keeps appearing
Bug #750995 [kdepim-runtime] kmail accepts invalid SMTP TLS certificate against user action
Changed Bug title to 'Cannot reject invalid SSL certificate for IMAP server as dialog keeps appearing' from 'kmail accepts invalid SMTP TLS certificate against user action'

thanks
Stopping processing here.

Please contact me if you need assistance.
--
745556: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745556
750995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/handler.s.c.14023099587798.transcr...@bugs.debian.org

Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
clone 745556 -1
reassign 745556 libkio5
severity 745556 important
retitle 745556 Closing dialog for allowing invalid SSL certificate causes default to be accepted
reassign -1 kdepim-runtime
retitle -1 Cannot reject invalid SSL certificate for IMAP server as dialog keeps appearing
thanks

--
Jim Scadden

Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
On Tue, Apr 22, 2014 at 10:33:28PM +0300, Rémi Denis-Courmont wrote:
> The continue button yields another dialog letting the user choose how long
> to accept the certificate, either forever, or only for the current session.
> If the dialog is closed without answer, Kmail assumes forever. At that
> point, the mail feeder will happily send user credentials over to the
> untrusted server.

This is a problem with kio. Closing the dialog causes the default option to be selected.

I have raised this in KDE BTS along with a proposed patch:
https://bugs.kde.org/show_bug.cgi?id=335375

--
Jim Scadden

Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
On 2014-04-24 08:53, Yves-Alexis Perez wrote:
> On Tue, Apr 22, 2014 at 10:33:28PM +0300, Rémi Denis-Courmont wrote:
>> The cancel button has no effects other than to bring the same dialog
>> almost instantly back in an infinite loop.
>
> Are you sure the loop is infinite and kmail is not just checking folder
> after folder? (not that it wouldn't be a bad idea to cache the decision
> for the user/host/port triplet).

I do not know why it seems to loop. I set a refresh delay of 5 minutes, but the dialog comes back within less than a second, again and again...

--
Rémi Denis-Courmont

Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
On Thu, Apr 24, 2014 at 10:14:50AM +0300, Rémi Denis-Courmont wrote:
> I do not know why it seems to loop. I set a refresh delay of 5 minutes,
> but the dialog comes back within less than a second, again and again...

In case I wasn't clear, I was wondering if it wasn't just all imaps folders being refreshed one after another.

--
Yves-Alexis Perez

Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
On Tue, Apr 22, 2014 at 10:33:28PM +0300, Rémi Denis-Courmont wrote:
> The cancel button has no effects other than to bring the same dialog
> almost instantly back in an infinite loop.

Are you sure the loop is infinite and kmail is not just checking folder after folder? (not that it wouldn't be a bad idea to cache the decision for the user/host/port triplet).

Regards.

--
Yves-Alexis Perez

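Added example, not part of the thread and not KDE or Debian code: a self-contained C++ model of the two points raised above, namely that closing the duration dialog should reject the certificate rather than take the default, and that the decision could be cached for the user/host/port triplet. All type and function names are hypothetical, and the three-way dialog result is an assumed simplification of the real dialog.

```cpp
#include <functional>
#include <map>
#include <string>
#include <tuple>

// Hypothetical model of the second dialog ("accept for how long?").
enum class DialogResult { Forever, SessionOnly, Closed };
enum class Decision { AcceptForever, AcceptSession, Reject };

// Behaviour described in the report: anything other than an explicit
// "session" answer, including closing the window, becomes "forever".
Decision decideAsReported(DialogResult r) {
    return r == DialogResult::SessionOnly ? Decision::AcceptSession
                                          : Decision::AcceptForever;
}

// Fail-closed mapping: only an explicit answer can accept the certificate.
Decision decideFailClosed(DialogResult r) {
    switch (r) {
    case DialogResult::Forever:     return Decision::AcceptForever;
    case DialogResult::SessionOnly: return Decision::AcceptSession;
    case DialogResult::Closed:      break;
    }
    return Decision::Reject;
}

// In-memory (per-session) cache keyed on the user/host/port triplet, so a
// rejection is remembered instead of re-prompting for every connection.
class CertDecisionCache {
public:
    using Prompt = std::function<DialogResult()>;

    // Returns true only if credentials may be sent to this endpoint.
    bool mayConnect(const std::string& user, const std::string& host, int port,
                    const Prompt& prompt) {
        const auto key = std::make_tuple(user, host, port);
        auto it = cache_.find(key);
        if (it == cache_.end()) {
            ++prompts_;  // the user is asked once per triplet
            it = cache_.emplace(key, decideFailClosed(prompt())).first;
        }
        return it->second != Decision::Reject;
    }
    int prompts() const { return prompts_; }

private:
    std::map<std::tuple<std::string, std::string, int>, Decision> cache_;
    int prompts_ = 0;
};
```
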
Bug#745556: kmail accepts invalid SMTP TLS certificate against user action
Package: kmail
Version: 4:4.11.5-1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Configure an outgoing SMTP server with (Start)TLS in kmail. If the server presents an invalid or self-signed certificate to the agent, KDE will show a warning dialog offering three choices: details, continue and cancel (not sure about translation from fr_FR locale).

The details button works as expected, showing certificate infos, then returning to the previous dialog.

The cancel button has no effects other than to bring the same dialog almost instantly back in an infinite loop.

The continue button yields another dialog letting the user choose how long to accept the certificate, either forever, or only for the current session. If the dialog is closed without answer, Kmail assumes forever. At that point, the mail feeder will happily send user credentials over to the untrusted server.

So basically, there are no ways to reject an invalid certificate, other than to kill the mail feeder or take the system offline.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13.10-basile (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kmail depends on:
ii  kde-runtime                   4:4.11.5-1
ii  kdepim-runtime                4:4.11.5-1
ii  kdepimlibs-kio-plugins        4:4.11.5-4+b1
ii  libakonadi-calendar4          4:4.11.5-4+b1
ii  libakonadi-contact4           4:4.11.5-4+b1
ii  libakonadi-kde4               4:4.11.5-4+b1
ii  libakonadi-kmime4             4:4.11.5-4+b1
ii  libakonadiprotocolinternals1  1.11.0-1
ii  libc6                         2.18-4
ii  libcalendarsupport4           4:4.11.5-1
ii  libgcc1                       1:4.9-20140411-2
ii  libgpgme++2                   4:4.11.5-4+b1
ii  libgrantlee-core0             0.3.0-5
ii  libincidenceeditorsng4        4:4.11.5-1
ii  libkabc4                      4:4.11.5-4+b1
ii  libkalarmcal2                 4:4.11.5-4+b1
ii  libkcalcore4                  4:4.11.5-4+b1
ii  libkcalutils4                 4:4.11.5-4+b1
ii  libkcmutils4                  4:4.11.5-3
ii  libkdecore5                   4:4.11.5-3
ii  libkdepim4                    4:4.11.5-1
ii  libkdeui5                     4:4.11.5-3
ii  libkio5                       4:4.11.5-3
ii  libkleo4                      4:4.11.5-1
ii  libkmime4                     4:4.11.5-4+b1
ii  libknewstuff3-4               4:4.11.5-3
ii  libknotifyconfig4             4:4.11.5-3
ii  libkontactinterface4          4:4.11.5-4+b1
ii  libkparts4                    4:4.11.5-3
ii  libkpgp4                      4:4.11.5-1
ii  libkpimidentities4            4:4.11.5-4+b1
ii  libkpimtextedit4              4:4.11.5-4+b1
ii  libkpimutils4                 4:4.11.5-4+b1
ii  libkprintutils4               4:4.11.5-3
ii  libksieveui4                  4:4.11.5-1
ii  libktnef4                     4:4.11.5-4+b1
ii  libmailcommon4                4:4.11.5-1
ii  libmailimporter4              4:4.11.5-1
ii  libmailtransport4             4:4.11.5-4+b1
ii  libmessagecomposer4           4:4.11.5-1
ii  libmessagecore4               4:4.11.5-1
ii  libmessagelist4               4:4.11.5-1
ii  libmessageviewer4             4:4.11.5-1
ii  libnepomukcore4               4:4.11.5-2+b1
ii  libpimcommon4                 4:4.11.5-1
ii  libqt4-dbus                   4:4.8.5+git242-g0315971+dfsg-2
ii  libqt4-network                4:4.8.5+git242-g0315971+dfsg-2
ii  libqt4-xml                    4:4.8.5+git242-g0315971+dfsg-2
ii  libqtcore4                    4:4.8.5+git242-g0315971+dfsg-2
ii  libqtgui4                     4:4.8.5+git242-g0315971+dfsg-2
ii  libqtwebkit4                  2.2.1-7
ii  libsendlater4                 4:4.11.5-1
ii  libsolid4                     4:4.11.5-3
ii  libsoprano4                   2.9.4+dfsg-1
ii  libstdc++6                    4.9-20140411-2
ii  libtemplateparser4            4:4.11.5-1
ii  perl                          5.18.2-2+b1

Versions of packages kmail recommends:
ii  gnupg-agent                   2.0.22-3
ii  gnupg2                        2.0.22-3
ii  pinentry-qt4 [pinentry-x11]   0.8.3-2

Versions of packages kmail suggests:
pn  clamav | f-prot-installer                                            none
pn  kaddressbook                                                         none
pn  kleopatra                                                            none
pn  procmail                                                             none
pn  spamassassin | bogofilter | annoyance-filter | spambayes | bsfilter  none

-- no debconf information