AVG-44 log

Package	messagelib
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	16.08.1-1
Fixed	16.08.1-2
Current	24.08.3-1 [extra]
Ticket	None
Created	Fri Oct 7 07:10:27 2016

Issue	Severity	Remote	Type	Description
CVE-2016-7968	Medium	Yes	Insufficient validation	KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code...
CVE-2016-7967	Medium	Yes	Cross-site scripting	KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security...

Issue

Severity

Remote

Type

Description

CVE-2016-7968

Medium

Yes

Insufficient validation

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code...

CVE-2016-7967

Medium

Yes

Cross-site scripting

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security...

Date	Advisory	Package	Type
07 Oct 2016	ASA-201610-5	messagelib	multiple issues

References
https://www.kde.org/info/security/advisory-20161006-1.txt https://www.kde.org/info/security/advisory-20161006-3.txt