[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 Volker Krause changed: What|Removed |Added Resolution|--- |FIXED Latest Commit||https://invent.kde.org/pim/ ||ksmtp/commit/60f73c69758fe4 ||0a027a8e7402127d085f18545a Status|ASSIGNED|RESOLVED --- Comment #7 from Volker Krause --- Git commit 60f73c69758fe40a027a8e7402127d085f18545a by Volker Krause. Committed on 23/09/2021 at 16:02. Pushed by knauss into branch 'master'. Move STARTTLS setup from LoginJob to Session This is now done immediately after opening the connection, independent of whether there is a LoginJob at all. M +5-28 src/loginjob.cpp M +15 -2src/session.cpp M +1-0src/session_p.h https://invent.kde.org/pim/ksmtp/commit/60f73c69758fe40a027a8e7402127d085f18545a -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 Bug Janitor Service changed: What|Removed |Added Ever confirmed|0 |1 Status|REPORTED|ASSIGNED --- Comment #6 from Bug Janitor Service --- A possibly relevant merge request was started @ https://invent.kde.org/pim/ksmtp/-/merge_requests/8 -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 --- Comment #5 from Volker Krause --- Git commit 38a4c09427f3fdc04f9893f8eda3f6807d9a3203 by Volker Krause. Committed on 21/09/2021 at 16:18. Pushed by knauss into branch 'master'. Move establishing the TLS connection to Session This means we now also enable TLS when not having a LoginJob, ie. on servers not requiring authentication. Doing the same for STARTTLS is the next step then. M +0-2src/loginjob.cpp M +1-11 src/session.cpp M +11 -2src/sessionthread.cpp M +2-0src/sessionthread_p.h https://invent.kde.org/pim/ksmtp/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203 -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 Sandro Knauß changed: What|Removed |Added CC||skna...@kde.org --- Comment #4 from Sandro Knauß --- The vulnerable is now published under https://nostarttls.secvuln.info/ -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 Rex Dieter changed: What|Removed |Added CC||rdie...@gmail.com -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 --- Comment #3 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- Ah sorry :-) I wrote that comment without thinking too much. We (me and some colleagues) performed a STARTTLS test some months ago, reported multiple vulnerabilities and are now in the process to consolidate the still open bugs. -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 Laurent Montel changed: What|Removed |Added CC||mon...@kde.org --- Comment #2 from Laurent Montel --- (In reply to Damian Poddebniak from comment #1) > May I ask for an update? To be clear: we think that this is a securtiy > vulnerability. "We" ? who is "we" ? -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 423423] STARTTLS is ignored when "Server requires authentication" not checked in UI
https://bugs.kde.org/show_bug.cgi?id=423423 --- Comment #1 from Damian Poddebniak <93s4m32gd2ab8...@mailbox.org> --- May I ask for an update? To be clear: we think that this is a securtiy vulnerability. -- You are receiving this mail because: You are watching all bug changes.