AVG-44

Package messagelib
Status Fixed
Severity Medium
Type multiple issues
Affected 16.08.1-1
Fixed 16.08.1-2
Current 17.12.2-1 [extra]
Ticket None
Created Fri Oct 7 07:10:27 2016
Issue Severity Remote Type Description
CVE-2016-7968 Medium Yes Insufficient validation
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code...
CVE-2016-7967 Medium Yes Cross-site scripting
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security...
Date Advisory Package Description
07 Oct 2016 ASA-201610-5 messagelib multiple issues
References
https://www.kde.org/info/security/advisory-20161006-1.txt
https://www.kde.org/info/security/advisory-20161006-3.txt