I recently tried using current master branch in an attempt to get a recent version of libetpan which includes the CVE fixes that were merged at the end of 2020, i.e. issues #387 and #388, as there is no release version that includes these fixes. The latest master causes a crash due to invalid pointer. This seems to be triggered upon connecting to an IMAP server using TLS.
An issue captured the crash with limited debug information for the Claws-Mail flatpak package when using IMAP. I then decided to go with an earlier commit 80f0f515555de2798c6984db507d406d0153f1f5 which does not exhibit this problem.
It seems that the recent patch series introduced it. I report this such that you are aware that such an issue exists.
I recently tried using current
master
branch in an attempt to get a recent version of libetpan which includes the CVE fixes that were merged at the end of 2020, i.e. issues #387 and #388, as there is no release version that includes these fixes. The latest master causes a crash due toinvalid pointer
. This seems to be triggered upon connecting to an IMAP server using TLS.An issue captured the crash with limited debug information for the Claws-Mail flatpak package when using IMAP. I then decided to go with an earlier commit 80f0f515555de2798c6984db507d406d0153f1f5 which does not exhibit this problem.
It seems that the recent patch series introduced it. I report this such that you are aware that such an issue exists.