https://bugs.kde.org/show_bug.cgi?id=432353
--- Comment #7 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
Hehe, the code at
https://github.com/KDE/trojita/blob/master/src/Imap/Parser/Command.cpp#L71
seems familiar :-)
`PartOfCommand` cannot contain a ", righ
https://bugs.kde.org/show_bug.cgi?id=432353
--- Comment #5 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
Hey Jan, thank you for working on this issue!
> This cannot be exploited like that.
I know of at least one client where this is practically exploitable. However, I
am n
https://bugs.kde.org/show_bug.cgi?id=423423
--- Comment #3 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
Ah sorry :-) I wrote that comment without thinking too much. We (me and some
colleagues) performed a STARTTLS test some months ago, reported multiple
vulnerabilities and a
https://bugs.kde.org/show_bug.cgi?id=423423
--- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
May I ask for an update? To be clear: we think that this is a securtiy
vulnerability.
--
You are receiving this mail because:
You are watching all bug changes.
https://bugs.kde.org/show_bug.cgi?id=432353
--- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
Any update on this? To be clear: a network attacker can create new folders and
tamper with local application state when STARTTLS is used.
--
You are receiving this mail b
https://bugs.kde.org/show_bug.cgi?id=432354
Bug ID: 432354
Summary: Make implicit TLS the default for SMTP.
Product: trojita
Version: 0.7
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
https://bugs.kde.org/show_bug.cgi?id=432353
Bug ID: 432353
Summary: Untagged responses are processed before STARTTLS.
Product: trojita
Version: 0.7
Platform: Other
OS: Linux
Status: REPORTED
Severity:
https://bugs.kde.org/show_bug.cgi?id=423453
--- Comment #3 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
Thank you Jan for your very fast response and patch! Can you already tell when
this will find its way into a new release?
--
You are receiving this mail because:
You are wa
https://bugs.kde.org/show_bug.cgi?id=423453
Bug ID: 423453
Summary: Trojita might not validate TLS certificates in SMTP.
Product: trojita
Version: 0.7
Platform: Other
OS: Linux
Status: REPORTED
Severity:
https://bugs.kde.org/show_bug.cgi?id=423426
--- Comment #2 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
Related: https://bugs.kde.org/show_bug.cgi?id=389427 (but for IMAP)
--
You are receiving this mail because:
You are watching all bug changes.
https://bugs.kde.org/show_bug.cgi?id=423426
--- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
This is also related to https://bugs.kde.org/show_bug.cgi?id=423423 as the POP3
setup will not set "Server requires authentication" per default.
--
You are rec
https://bugs.kde.org/show_bug.cgi?id=423426
Bug ID: 423426
Summary: POP3 setup wizard defaults to unencrypted connections.
Product: kmail2
Version: 5.13.3
Platform: Other
OS: Linux
Status: REPORTED
https://bugs.kde.org/show_bug.cgi?id=423424
--- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
This also applies in a limited form (dialogs show up slower) for SMTP.
--
You are receiving this mail because:
You are watching all bug changes.
https://bugs.kde.org/show_bug.cgi?id=423424
Bug ID: 423424
Summary: Kmail "forces" the user to accept invalid TLS
certificates.
Product: kmail2
Version: 5.13.3
Platform: Other
OS: Linux
Status:
https://bugs.kde.org/show_bug.cgi?id=423423
Bug ID: 423423
Summary: STARTTLS is ignored when "Server requires
authentication" not checked in UI
Product: kmail2
Version: 5.13.3
Platform: Other
OS: Linux
https://bugs.kde.org/show_bug.cgi?id=416942
Bug ID: 416942
Summary: Typo and unclear TLS settings
Product: trojita
Version: 0.7
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
https://bugs.kde.org/show_bug.cgi?id=391667
--- Comment #3 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> ---
So... should I write to Jan Kundrat or e.g. David Faure? This issue is
trojita-specific.
--
You are receiving this mail because:
You are watching all bug changes.
https://bugs.kde.org/show_bug.cgi?id=391667
Bug ID: 391667
Summary: Security bug
Product: trojita
Version: unspecified
Platform: unspecified
OS: All
Status: UNCONFIRMED
Severity: normal
18 matches
Mail list logo