Package: kmail
Severity: grave
Justification: user security hole

For more information see: http://www.securityfocus.com/bid/13085

In summary:

> A remote email message content spoofing vulnerability affects KDE
> KMail. This issue is due to a failure of the application to properly
> sanitize HTML email messages.
> An attacker may leverage this issue to spoof email content and various
> header fields of email messages. This may aid an attacker in
> conducting phishing and social engineering attacks by spoofing PGP
> keys as well as other critical information.

SecurityFocus lists 3.3.2 as vulnerable, which is currently in Sarge and Sid. No idea if it would affect 2.2.2, which is in Woody.

See KDE bug 96020.

Workaround is to disable HTML email.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)