Control: severity -1 grave

Hi,

>Even more, a mail header can be "spoofed" using simpler tools, like an smtp
>server, thus I'm not really convinced that this bug deserves a "grave"
>severity.

Did you read all of this bug report?

1. I explained that this method can do more than other ways of spoofing mail 
headers because mail filters do not see the spoofed headers,

2. in my follow-up, I showed that in 16.04, legitimate HTML mail breaks the UI. 
This has nothing to do with spoofing - KMail breaks when opening random, 
legitimate mail. I cannot even click any controls in the mail view anymore. 
This affects daily, normal work with KMail and makes it unusable for reading 
legitimate mail. That is the definition of "grave functionality bug".

I am ok with dropping the security tag, but the grave was for the follow-up.

The bug with the legitimate mail does *not* occur in any prior version, so 
migration would introduce this issue into testing.

In conclusion: I can read legitimate mail in kmail in testing; I can't do so in 
unstable. Thus, the new version should not migrate unless the bug is fixed.

-nik
-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296

Dominik George · Mobil: +49-1520-1981389

Teckids e.V. · FrOSCon e.V. · OpenRheinRuhr e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)
