Source: kf5-messagelib
Version: 4:16.04.3-2
Severity: important
Tags: patch upstream security
Control: clone -1 -2
Control: reassign -2 kdepim 4:4.14.1-1

Hi,

the following vulnerability was published for kf5-messagelib (and kmail).

CVE-2017-9604[0]:
| KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in
| KDE Applications before 17.04.2, do not ensure that a plugin's
| sign/encrypt action occurs during use of the Send Later feature, which
| allows remote attackers to obtain sensitive information by sniffing the
| network.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9604
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9604
[1] https://www.kde.org/info/security/advisory-20170615-1.txt

Looking at the patchset I see it would apply as well to
kdepim/4:4.14.1-1 to some extent. I have some difficulties, though,
classifying it correctly, not knowing this Send Later feature.

Can you please double check the above?

Regards,
Salvatore