Fedora Linux 8811 Published by

A geary security update has been released for Fedora 31.



SECURITY: Fedora 31 Update: geary-3.34.2-2.fc31


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-95f2c5cc25
2020-09-08 15:13:30.490624
--------------------------------------------------------------------------------

Name : geary
Product : Fedora 31
Version : 3.34.2
Release : 2.fc31
URL : https://wiki.gnome.org/Apps/Geary
Summary : A lightweight email program designed around conversations
Description :
Geary is a new email reader for GNOME designed to let you read your
email quickly and effortlessly. Its interface is based on
conversations, so you can easily read an entire discussion without
having to click from message to message. Geary is still in early
development and has limited features today, but we're planning to add
drag-and-drop attachments, lightning-fast searching, multiple account
support and much more. Eventually we'd like Geary to have an
extensible plugin architecture so that developers will be able to add
all kinds of nifty features in a modular way.

--------------------------------------------------------------------------------
Update Information:

Add patch for CVE-2020-24661: Handling of pinned, invalid TLS certificates.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug 29 2020 Thomas Moschny - 3.34.2-2
- Add patch for CVE-2020-24661.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1872970 - CVE-2020-24661 geary: mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1872970
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-95f2c5cc25' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys