messagelib

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description KDE PIM messaging library
Version 24.12.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1897 21.04.0-1 21.04.0-2 Low Fixed
AVG-300 17.04.1-1 17.04.2-1 Medium Fixed
AVG-44 16.08.1-1 16.08.1-2 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-31855 AVG-1897 Low Yes Information disclosure
Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g. an IMAP server) causes KMail to upload the decrypted content of the...
CVE-2017-9604 AVG-300 Medium Yes Information disclosure
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action...
CVE-2016-7968 AVG-44 Medium Yes Insufficient validation
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code...
CVE-2016-7967 AVG-44 Medium Yes Cross-site scripting
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security...

Advisories

Date Advisory Group Severity Type
14 Jun 2017 ASA-201706-17 AVG-300 Medium information disclosure
07 Oct 2016 ASA-201610-5 AVG-44 Medium multiple issues