messagelib

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description KDE PIM messaging library
Version 18.08.0-1 [testing]
18.04.3-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-300 17.04.1-1 17.04.2-1 Medium Fixed
AVG-44 16.08.1-1 16.08.1-2 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2017-9604 AVG-300 Medium Yes Information disclosure
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action...
CVE-2016-7968 AVG-44 Medium Yes Insufficient validation
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code...
CVE-2016-7967 AVG-44 Medium Yes Cross-site scripting
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security...

Advisories

Date Advisory Group Severity Description
14 Jun 2017 ASA-201706-17 AVG-300 Medium information disclosure
07 Oct 2016 ASA-201610-5 AVG-44 Medium multiple issues