Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: dc622edc2e77
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 441a7da80803
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Sep 10, 2020

  1. claws-mail: patch mailto handling 

    The "Mailto: Me Your Secrets"[0] paper describes vulnerabilities in
multiple email clients regarding the undocumented "attach" field of a
mailto URI. This might allow the inclusion of sensitive data in an
outgoing email.

Pull request #95758 addresses this issue on a more general level.

Claws Mail unfortunately also has problems with mailto URIs[1][2].
Referring to the paper, problems for "attach" and "insert" were found
and fixed. These patches, which are not included in a release yet, are
hereby added.

[0]:https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
[1]:https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4373
[2]:https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4374
    @oxzi
    oxzi committed Sep 10, 2020
    Copy the full SHA
    62eed9a View commit details
    Browse the repository at this point in the history

Commits on Sep 15, 2020

  1. Merge pull request #95800 from oxzi/claws-mail-mailto 

    claws-mail: patch mailto handling
    @ajs124
    ajs124 committed Sep 15, 2020
    Copy the full SHA
    441a7da View commit details
    Browse the repository at this point in the history