messagelib
| Description | KDE PIM messaging library |
| Version | 25.08.3-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1897 | 21.04.0-1 | 21.04.0-2 | Low | Fixed | |
| AVG-300 | 17.04.1-1 | 17.04.2-1 | Medium | Fixed | |
| AVG-44 | 16.08.1-1 | 16.08.1-2 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31855 | AVG-1897 | Low | Yes | Information disclosure | Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g. an IMAP server) causes KMail to upload the decrypted content of the... |
| CVE-2017-9604 | AVG-300 | Medium | Yes | Information disclosure | KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action... |
| CVE-2016-7968 | AVG-44 | Medium | Yes | Insufficient validation | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code... |
| CVE-2016-7967 | AVG-44 | Medium | Yes | Cross-site scripting | KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 14 Jun 2017 | ASA-201706-17 | AVG-300 | Medium | information disclosure |
| 07 Oct 2016 | ASA-201610-5 | AVG-44 | Medium | multiple issues |