
Bug#750995: marked as done (Cannot reject invalid SSL certificate for IMAP server as dialog keeps appearing)



Your message dated Mon, 17 Nov 2014 05:03:51 +0000
with message-id <E1XqETf-0000pJ-U5@franck.debian.org>
and subject line Bug#750995: fixed in kdepim-runtime 4:4.14.2-2
has caused the Debian Bug report #750995,
regarding Cannot reject invalid SSL certificate for IMAP server as dialog keeps appearing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
750995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750995
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kmail
Version: 4:4.11.5-1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Configure an outgoing SMTP server with (Start)TLS in kmail. If the
server presents an invalid or self-signed certificate to the agent,
KDE will show a warning dialog offering three choices: details,
continue and cancel (not sure about translation from fr_FR locale).

The "details" button works as expected, showing certificate information,
then returning to the previous dialog.

The "cancel" button has no effect other than to bring the same dialog
almost instantly back in an infinite loop.

The "continue" button yields another dialog letting the user choose how
long to accept the certificate, either forever, or only for the current
session. If the dialog is closed without an answer, KMail assumes forever.
At that point, the mail feeder will happily send user credentials over
to the untrusted server.


So basically, there is no way to reject an invalid certificate, other
than to kill the mail feeder or take the system offline.




-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13.10-basile (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kmail depends on:
ii  kde-runtime                   4:4.11.5-1
ii  kdepim-runtime                4:4.11.5-1
ii  kdepimlibs-kio-plugins        4:4.11.5-4+b1
ii  libakonadi-calendar4          4:4.11.5-4+b1
ii  libakonadi-contact4           4:4.11.5-4+b1
ii  libakonadi-kde4               4:4.11.5-4+b1
ii  libakonadi-kmime4             4:4.11.5-4+b1
ii  libakonadiprotocolinternals1  1.11.0-1
ii  libc6                         2.18-4
ii  libcalendarsupport4           4:4.11.5-1
ii  libgcc1                       1:4.9-20140411-2
ii  libgpgme++2                   4:4.11.5-4+b1
ii  libgrantlee-core0             0.3.0-5
ii  libincidenceeditorsng4        4:4.11.5-1
ii  libkabc4                      4:4.11.5-4+b1
ii  libkalarmcal2                 4:4.11.5-4+b1
ii  libkcalcore4                  4:4.11.5-4+b1
ii  libkcalutils4                 4:4.11.5-4+b1
ii  libkcmutils4                  4:4.11.5-3
ii  libkdecore5                   4:4.11.5-3
ii  libkdepim4                    4:4.11.5-1
ii  libkdeui5                     4:4.11.5-3
ii  libkio5                       4:4.11.5-3
ii  libkleo4                      4:4.11.5-1
ii  libkmime4                     4:4.11.5-4+b1
ii  libknewstuff3-4               4:4.11.5-3
ii  libknotifyconfig4             4:4.11.5-3
ii  libkontactinterface4          4:4.11.5-4+b1
ii  libkparts4                    4:4.11.5-3
ii  libkpgp4                      4:4.11.5-1
ii  libkpimidentities4            4:4.11.5-4+b1
ii  libkpimtextedit4              4:4.11.5-4+b1
ii  libkpimutils4                 4:4.11.5-4+b1
ii  libkprintutils4               4:4.11.5-3
ii  libksieveui4                  4:4.11.5-1
ii  libktnef4                     4:4.11.5-4+b1
ii  libmailcommon4                4:4.11.5-1
ii  libmailimporter4              4:4.11.5-1
ii  libmailtransport4             4:4.11.5-4+b1
ii  libmessagecomposer4           4:4.11.5-1
ii  libmessagecore4               4:4.11.5-1
ii  libmessagelist4               4:4.11.5-1
ii  libmessageviewer4             4:4.11.5-1
ii  libnepomukcore4               4:4.11.5-2+b1
ii  libpimcommon4                 4:4.11.5-1
ii  libqt4-dbus                   4:4.8.5+git242-g0315971+dfsg-2
ii  libqt4-network                4:4.8.5+git242-g0315971+dfsg-2
ii  libqt4-xml                    4:4.8.5+git242-g0315971+dfsg-2
ii  libqtcore4                    4:4.8.5+git242-g0315971+dfsg-2
ii  libqtgui4                     4:4.8.5+git242-g0315971+dfsg-2
ii  libqtwebkit4                  2.2.1-7
ii  libsendlater4                 4:4.11.5-1
ii  libsolid4                     4:4.11.5-3
ii  libsoprano4                   2.9.4+dfsg-1
ii  libstdc++6                    4.9-20140411-2
ii  libtemplateparser4            4:4.11.5-1
ii  perl                          5.18.2-2+b1

Versions of packages kmail recommends:
ii  gnupg-agent                  2.0.22-3
ii  gnupg2                       2.0.22-3
ii  pinentry-qt4 [pinentry-x11]  0.8.3-2

Versions of packages kmail suggests:
pn  clamav | f-prot-installer                                            <none>
pn  kaddressbook                                                         <none>
pn  kleopatra                                                            <none>
pn  procmail                                                             <none>
pn  spamassassin | bogofilter | annoyance-filter | spambayes | bsfilter  <none>

-- no debconf information

--- End Message ---
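
The three behaviours in the report above (Cancel re-raising the dialog, a closed duration dialog treated as "forever", credentials sent afterwards) are all fail-open handling of the user's answer. The following C++ state machine is an added example of the fail-closed alternative; it is not code from KMail, kdepim-runtime or tlscancelled.patch, and every type and function name in it is hypothetical.

```cpp
// Hypothetical names throughout; this is not the KDE / kdepim-runtime API.
enum class Prompt   { Details, Continue, Cancel, Dismissed };  // first dialog
enum class Duration { Session, Forever, Dismissed };           // second dialog
enum class State    { AwaitingDecision, AwaitingDuration,
                      TrustedSession, TrustedForever, Cancelled };

class CertDecision {
public:
    State state() const { return state_; }

    // Credentials may be sent only after an explicit trust answer.
    bool maySendCredentials() const {
        return state_ == State::TrustedSession || state_ == State::TrustedForever;
    }
    // Only an explicit "forever" answer is written to the trust store.
    bool persistException() const { return state_ == State::TrustedForever; }
    // After a cancel, reconnecting automatically would raise the same
    // dialog again, which is the loop described in the report.
    bool mayAutoReconnect() const { return state_ != State::Cancelled; }

    void onPrompt(Prompt p) {
        if (state_ != State::AwaitingDecision) return;  // later clicks cannot undo a decision
        switch (p) {
        case Prompt::Details:   break;                  // informational, dialog is shown again
        case Prompt::Continue:  state_ = State::AwaitingDuration; break;
        case Prompt::Cancel:
        case Prompt::Dismissed: state_ = State::Cancelled; break;
        }
    }
    void onDuration(Duration d) {
        if (state_ != State::AwaitingDuration) return;
        switch (d) {
        case Duration::Session:   state_ = State::TrustedSession; break;
        case Duration::Forever:   state_ = State::TrustedForever; break;
        case Duration::Dismissed: state_ = State::Cancelled; break;  // no answer is not consent
        }
    }
private:
    State state_ = State::AwaitingDecision;
};

int main() {
    CertDecision d;
    d.onPrompt(Prompt::Continue);
    d.onDuration(Duration::Dismissed);       // window closed without an answer
    return d.maySendCredentials() ? 1 : 0;   // exits 0: connection is refused
}
```
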
--- Begin Message ---
Source: kdepim-runtime
Source-Version: 4:4.14.2-2

We believe that the bug you reported is fixed in the latest version of
kdepim-runtime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 750995@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <scott@kitterman.com> (supplier of updated kdepim-runtime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 16 Nov 2014 22:14:26 -0500
Source: kdepim-runtime
Binary: kdepim-runtime kdepim-runtime-dbg
Architecture: source amd64
Version: 4:4.14.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Description:
 kdepim-runtime - runtime components for Akonadi KDE
 kdepim-runtime-dbg - debugging files for Akonadi KDE runtime components
Closes: 750995
Changes:
 kdepim-runtime (4:4.14.2-2) unstable; urgency=medium
 .
   * Team upload.
   * Add debian/patches/tlscancelled.patch to fix issue with inability to
     cancel connections using unknown SSL certificates (Closes: #750995)
   * Bump minimum kdepimlibs5-dev build-depends version to 4:4.14.2-2~
     in order to ensure the added enum is available

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
