openSUSE-SU-2021:0675-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0675-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:0675-1
Related
Published
2021-05-06T12:06:14Z
Modified
2025-05-08T17:46:39.778265Z
Upstream
Summary
Security update for alpine
Details

This update for alpine fixes the following issues:

Update to release 2.24

  • A few crash fixes
  • Implementation of XOAUTH2 for Yahoo! Mail.

Update to release 2.23.2

  • Expansion of the configuration screen for XOAUTH2 to include username, and tenant.
  • Alpine uses the domain in the From: header of a message to generate a message-id and suppresses all information about Alpine, version, revision, and time of generation of the message-id from this header.
  • Alpine does not generate Sender or X-X-Sender by default by enabling [X] Disable Sender as the default.
  • Alpine does not disclose User Agent by default by enabling [X] Suppress User Agent by default.
  • When messages are selected, pressing the ';' command to broaden or narrow a search, now offers the possibility to completely replace the search, and is almost equivalent to being a shortcut to 'unselect all messages, and select again'.

Update to release 2.23

  • Fixes boo#1173281, CVE-2020-14929: Alpine silently proceeds to use an insecure connection after a /tls is sent in certain circumstances.
  • Implementation of XOAUTH2 authentication support for Outlook.
  • Add support for the OAUTHBEARER authentication method in Gmail.
  • Support for the SASL-IR IMAP extension.
  • Alpine can pass an HTML message to an external web browser, by using the 'External' command in the ATTACHMENT INDEX screen.

Update to release 2.22

  • Support for XOAUTH2 authentication method in Gmail.
  • NTLM authentication support with the ntlm library.
  • Added the '/tls1_3' flag for servers that support it.
  • Add the 'g' option to the select command that works in IMAP servers that implement the X-GM-EXT-1 capability (such as the one offered by Gmail).
  • Added '/auth=XYZ' to the way to define a server. This allows users to select the method to authenticate to an IMAP, SMTP or POP3 server. Examples are /auth=plain, or /auth=gssapi, etc.
  • When a message is of type multipart/mixed, and its first part is multipart/signed, Alpine will include the text of the original message in a reply message, instead of including a multipart attachment.
  • Added backward search in the index screen.
  • pico: Add -dict option to Pico, which allows users to choose a dictionary when spelling.

  • Drop /usr/bin/mailutil, it is not built by default anymore.

  • Added Quota subcommands for printing, forwarding, saving, etc.

References

Affected packages

openSUSE:Leap 15.2 / alpine

Package

Name
alpine
Purl
pkg:rpm/opensuse/alpine&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.24-lp152.5.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "alpine": "2.24-lp152.5.3.1",
            "pilot": "2.99-lp152.5.3.1",
            "pico": "5.07-lp152.5.3.1"
        }
    ]
}